420a0412a3767ce2a193a5161e7aae0a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

420a0412a3767ce2a193a5161e7aae0a_JaffaCakes118
Size

674KB
MD5

420a0412a3767ce2a193a5161e7aae0a
SHA1

360789319e876b45bb91fb60aaaf0e5d43f7b13b
SHA256

4e7c426c2773083261f3867afc0f21ecd0c3e1efabded00afe9c7fefa3d17938
SHA512

9f86affb8a33265fdd57d77a3dbb1a94c92f0ba7b15dc25e32b8e7329fcd65fd7d17cda7ca3337bf5d5a29dc78f3ba53f2a111197263f7486240821d23214580
SSDEEP

12288:Ty42M8huq2KsDoHHtk86VBVcTxQAzeGBjO4AbLZEtgPRmljL+LuJQ:Tfr8hutDeNUVB8QAz9Z0mtgPRmlOL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
420a0412a3767ce2a193a5161e7aae0a_JaffaCakes118

Files

420a0412a3767ce2a193a5161e7aae0a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29ac700d89ed8207b3ac99e28c010288

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

olepro32

OleLoadPicture

comctl32

ImageList_SetIconSize

imm32

ImmGetCompositionStringW

winspool.drv

OpenPrinterA

shell32

Shell_NotifyIconA

wininet

InternetReadFile

comdlg32

GetSaveFileNameA

gdiplus

GdipGetImageHeight

Sections

CODE
Size: 559KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE