31f96fb3a8e09864a115993c8c3e4657_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31f96fb3a8e09864a115993c8c3e4657_JaffaCakes118
Size

47KB
MD5

31f96fb3a8e09864a115993c8c3e4657
SHA1

03eeecd69adf36861a27920381b5cd5f1f887237
SHA256

08bda4c9c06252c9fcd6296aed79f9b8ef438f055ed47c680be3582a9d55ecaa
SHA512

18cfe060d90ec8d2221ed12e914e78d2d296656c3412d7c8db897ab641f953d6ea141043b390ef089fb4a2319040dfd87893421dbba3963c069498f402f5ef01
SSDEEP

768:v0zpJXWA3oruYrj/1VYhRZbMccHfPZdFH3nGDS779CqpixgAUlF7z9veU:v0zfdAL9q4bYDG9/paRS1zgU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31f96fb3a8e09864a115993c8c3e4657_JaffaCakes118

Files

31f96fb3a8e09864a115993c8c3e4657_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfef8918eb06fe9cd292b786655a4658

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

urlmon

URLDownloadToFileA

Sections

CODE
Size: 16KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE