45b46277b3678ff08b81053535316b13_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45b46277b3678ff08b81053535316b13_JaffaCakes118
Size

269KB
MD5

45b46277b3678ff08b81053535316b13
SHA1

381b7b64d129cfda065e6476d8a1d3f1f7f44740
SHA256

14fa9023a4b52b66e08428958e97ca410aae29250f38be3ca086fe3a93988260
SHA512

85d6658afa6a51b6d50c518411dc19854ec01c082c44ac06cb7646ea7424adc4810cebff71584fe21e1bee136d8ef8c1a41488b41b027c39579b2e2704507f0c
SSDEEP

6144:6d/aVJyJoHQkCe1C8Lx2Mlw/9yA9uGjiKU1+EsWPJZ4EF/x9FpSdT32:6dSbyUqeFx2MlwlyA9uG7U1+EL4+Kq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45b46277b3678ff08b81053535316b13_JaffaCakes118

Files

45b46277b3678ff08b81053535316b13_JaffaCakes118
.exe windows:5 windows x86 arch:x86

36d21920d5f4032b02d5fd9b6d2906cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsRectEmpty

gdi32

OffsetViewportOrgEx

comdlg32

GetOpenFileNameW

winspool.drv

ClosePrinter

advapi32

RegEnumValueW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard

oleaut32

SysStringLen

recoveryoffice

office

Sections

JAPONE
Size: 241KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LnDL
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE