610da21974d9fde0bc637e1c761b4271_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

610da21974d9fde0bc637e1c761b4271_JaffaCakes118
Size

650KB
MD5

610da21974d9fde0bc637e1c761b4271
SHA1

3f0ce3ac5147ee9ce60ae85cdc25bb52be8a3470
SHA256

2d58cb02cb51a812cd87f7bc781a45370e71a9cdd50047c7afbbe902300166f2
SHA512

440b5f313940eb519cf8343eeb579e3703fd5eca93516da64e475f35606f8b7d197eb625972b565d7ac0d159f628037c22b4ebd177d4f0cc089be69eca25e5ef
SSDEEP

12288:MQ4gfMy/BWEA9+T2DklK7hbqBiMEXzM5cBYR76pi/K3OL8Ep1ThVBymu:xvhJRZiDkw7yiTDM2Y8pii+IEp1TrC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
610da21974d9fde0bc637e1c761b4271_JaffaCakes118

Files

610da21974d9fde0bc637e1c761b4271_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce619da43ddd638befe71512c224703b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

msimg32

GradientFill

gdi32

UnrealizeObject

version

VerQueryValueW

ole32

CoTaskMemAlloc

comctl32

_TrackMouseEvent

winspool.drv

OpenPrinterA

comdlg32

ChooseFontA

shell32

ShellExecuteW

Sections

.text
Size: 637KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE