392e9c6c848400ed90b3b5e42d259f20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

392e9c6c848400ed90b3b5e42d259f20_JaffaCakes118
Size

165KB
MD5

392e9c6c848400ed90b3b5e42d259f20
SHA1

ae7a1e54d5a5de8040c8b44e3c064209b016f078
SHA256

c3699cbdf183bbfec12fb3e1c86a45d3db13a36036ad4b98ddf1ce5912cdc686
SHA512

8a04a14b0960aead9ff692722ddeee4f446c68cf22292d69fc2a5d4fdd333d1e9f05433298560d77604161b413c512dc08754007ea3969b2c7fed24a9ec0e085
SSDEEP

3072:a9zfWJtOsnymVDwyInZO6hSRAXw58Gn3+p6BLZFk+/eaqr07IVV48XCPdsPMqu17:a9zeDHDUZyRAXw58Q3+6LZFkAeKEXCPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
392e9c6c848400ed90b3b5e42d259f20_JaffaCakes118

Files

392e9c6c848400ed90b3b5e42d259f20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

488a5a5a46e67bc10e904a69a7a19530

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

wsprintfW
GetAncestor
SetTimer
PostThreadMessageW
KillTimer
TranslateMessage
DispatchMessageW
GetMessageW
CharNextW
GetDC
CharUpperW
UnregisterClassA

kernel32

OutputDebugStringW
lstrcpynW
GetACP
LockResource
lstrcpyW
CheckRemoteDebuggerPresent
lstrcpyA
GlobalAlloc
EnumResourceTypesW
GetCPInfo
DeleteCriticalSection
GetLastError
MultiByteToWideChar
lstrcmpiW
InitializeCriticalSection
WideCharToMultiByte
FindClose
GlobalFree
GetTickCount
lstrlenW
GetModuleHandleW

winspool.drv

DocumentPropertiesW

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isete
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ