Static task
static1
Behavioral task
behavioral1
Sample
5e80345b690054a32c6ecb4f4f4d1407_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5e80345b690054a32c6ecb4f4f4d1407_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
5e80345b690054a32c6ecb4f4f4d1407_JaffaCakes118
Size
275KB
MD5
5e80345b690054a32c6ecb4f4f4d1407
SHA1
fe4f5e7b0f9a0193f241e66774b26055728708a1
SHA256
618256cd857767243ceb24b65be2fdc0223b1cb8040071ec9176daaf5d0337c3
SHA512
2292d2c659eabdf0b5e25aa587a67ec55f92b78f58c51d1e609d00f94dc2c249a59a7b3a4710e658567190504ef191c271c5dd04a8136878934a5d5b241bfb9a
SSDEEP
6144:nvLLtTNMWQCSjBwSpQfjtv/IXIlfsMVAFYN2sRjsPQ:nzZGWEFCv/I+kxAg4
Malware Config
Signatures
Unsigned PE 1 IoCs
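The sandbox checked the PE for an Authenticode signature and found none. On its own this is a weak indicator, since many benign executables are also unsigned.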
resource 5e80345b690054a32c6ecb4f4f4d1407_JaffaCakes118
Files
5e80345b690054a32c6ecb4f4f4d1407_JaffaCakes118.exe windows:4 windows x86 arch:x86
bf8f906e5e399e090b303bf0d3f19478
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
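Imports (only one function is listed for most DLLs, alongside LoadLibraryA and GetProcAddress; this pattern suggests imports are resolved at run time, so treat the list as incomplete)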
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
oleaut32
SafeArrayPtrOfIndex
advapi32
StartServiceA
shell32
Shell_NotifyIconA
msacm32
acmFormatChooseA
user32
GetKeyboardType
version
VerQueryValueA
winmm
waveOutWrite
wsock32
WSACleanup
wininet
InternetReadFile
comctl32
ImageList_SetIconSize
gdi32
UnrealizeObject
ws2_32
WSAIoctl
mpr
WNetOpenEnumA
avicap32
capCreateCaptureWindowA
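Sections (all three are flagged readable, writable and executable, and CODE has a virtual size well above its raw size; this is consistent with a packed binary, so static findings should be confirmed against the unpacked image)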
CODE Size: 263KB - Virtual size: 808KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Fi7ke Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE