32398dda489b65c953d32ff310aaeb82_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32398dda489b65c953d32ff310aaeb82_JaffaCakes118
Size

184KB
MD5

32398dda489b65c953d32ff310aaeb82
SHA1

8f65a78b24290169797dff9383c34aab541a7911
SHA256

2cfe53b5e0a2ca6d77659173ff32f38c8788073f73cfcc451f1da40fbe23e0c5
SHA512

c7918d3555377c9353297a25048f47761a2928c5a054c303808ad5beed94043e53d23ef29c054f029ec0bc0d22166bfac3223230179f83423a243c7c2dccd832
SSDEEP

3072:R88wW3tGy/xZ22QJFzkKYSBLuGyct49Y47ZekPSfrXu8Pw1RgJ6nM7khL2Ijkoia:R88RtGy/xZsYKYaKGyRY47Eze8Pwg3kf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32398dda489b65c953d32ff310aaeb82_JaffaCakes118

Files

32398dda489b65c953d32ff310aaeb82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb81281306b1ade83793324e9246ea87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
StgCreateDocfile

comdlg32

ChooseFontA
GetOpenFileNameA

kernel32

ExitProcess
GlobalAddAtomA
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
SetUnhandledExceptionFilter
RtlUnwind
EnumResourceNamesW
Sleep
LoadLibraryExW
GetLongPathNameA
FindClose
GetTickCount
GetStartupInfoA
GetProcAddress

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

Sections

.text
Size: 93KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ