49852faecfbf343162ee12b511e832d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49852faecfbf343162ee12b511e832d7_JaffaCakes118
Size

280KB
MD5

49852faecfbf343162ee12b511e832d7
SHA1

9cec5ee1705cdd997c74fcb9c7f0e35c72aaaff9
SHA256

ec43d81edbb50036bb9f67eb02f3d3a6460ef914a2f262af059b0dc2df9c2cae
SHA512

798d8eaca27bc2329374078f434eb8e7dace2d72996569bdd95122fe5789595884e4219f1d1f51c4b562fd9e0583e47e1ed00e8a3aa0fdef9cf2156530e1f446
SSDEEP

6144:Hw+74Pw5xx4gCZZjGKisJY3Dme7fcbFxy6hK96VsDyRFKfdIqsDVEyo:Hw+7LqZCKJJ6DR7fPB9sMyR8fdIqsmV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49852faecfbf343162ee12b511e832d7_JaffaCakes118

Files

49852faecfbf343162ee12b511e832d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88fbc4982cc01b7e00c69cc8e9dbcfd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
StgCreateDocfile

comdlg32

ChooseFontA
GetOpenFileNameA

kernel32

GlobalAddAtomW
GetSystemInfo
VirtualQuery
GetOEMCP
HeapFree
ReadFile
FlushFileBuffers
VirtualProtect
ExitProcess
SetFilePointer
EnumResourceNamesW
GetStringTypeExW
HeapAlloc
RtlUnwind
GetCurrentProcess
SetEndOfFile
WriteFile
FindAtomW

Sections

.text
Size: 150KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ