30167ab1b39f9c8b36e6453d77374ac5_JaffaCakes118 | Triage

Sharing

General

Target

30167ab1b39f9c8b36e6453d77374ac5_JaffaCakes118
Size

649KB
MD5

30167ab1b39f9c8b36e6453d77374ac5
SHA1

a6b5b511003523abdf4b9ceb196950bc3db67a19
SHA256

10c42a5954c52602441733b111f956736e6dfb318f6775e81bc7b3baefb59c88
SHA512

0761b9c261b969d63624a6ef7b38c7e58e165e160141753f5b09f17f7f4deff2e9e5f218a8072e2b462b67f8241a421e670a43f7778c93eb9e407e70a881e6c3
SSDEEP

12288:ADhx4NskAyw+SUdgvTwerk3RP0wCoyVALo+57qxslIm2snoQeAMFVDNV:IhmNs7S9gv/rG5D0co+5Is2WeVj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30167ab1b39f9c8b36e6453d77374ac5_JaffaCakes118

Files

30167ab1b39f9c8b36e6453d77374ac5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

749040a72cf0f6435f46d94805edc0e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

winmm

midiOutReset

ws2_32

closesocket

user32

WaitForInputIdle

gdi32

PtVisible

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

StgCreateDocfileOnILockBytes

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: 614KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE