3f5d2e34c50170648a86570f0062b61c_JaffaCakes118 | Triage

Sharing

General

Target

3f5d2e34c50170648a86570f0062b61c_JaffaCakes118
Size

267KB
MD5

3f5d2e34c50170648a86570f0062b61c
SHA1

2e96e5d42f4069d5babe92d4e762d4877a33de25
SHA256

e16e3f81d5f628693fd01ac3780a81098d96d705e06d6f4820d01975b24eb068
SHA512

8fa3305e2f70c132be3586b6f7fbba127e2d0fb3ff11b2d5f363f4bbf9027df50c190b00ce53728b3d32ecfc711e0784f8e43775acad7b496d5a2b4a048aa5ef
SSDEEP

6144:wdHC+0nnZPan3ceKJuY8UX2fGEvmblk/8os3UtI:wdHC+IA3y87Olkz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f5d2e34c50170648a86570f0062b61c_JaffaCakes118

Files

3f5d2e34c50170648a86570f0062b61c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

41507753530d76bf751bd1509806ec8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

Sections

.MaskPE
Size: 257KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE