6052cd83147cadffd17498ee4136ea55_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6052cd83147cadffd17498ee4136ea55_JaffaCakes118
Size

181KB
MD5

6052cd83147cadffd17498ee4136ea55
SHA1

0be13b1975f3728db5124c64ed2c564894dda78c
SHA256

0c1adaedfbfa02d0d11c2db5e4957d193f31513ba07fbf2a2222e30955a95db2
SHA512

9195257de5e985cff8a1999d9faced8996b09599a2e470c14fe3de155dc4803fb7f31b6c44263c032f66ff62326a760576f4646b019848e922aea06cf3c05982
SSDEEP

3072:Rkw3d25ynJvbD5qPArv9/1HgCA15FZkMTpchkCQ5EwAHAIt1gAw+L/vXX1tP3:Gw3Y5SJvAPKtHgCAYMcfQEwvkGTmHbP3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6052cd83147cadffd17498ee4136ea55_JaffaCakes118

Files

6052cd83147cadffd17498ee4136ea55_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c87d79d4aedd2a5806b4f002839d0321

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

SHGetSpecialFolderLocation

Sections

CODE
Size: 172KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE