63a7f2286ef6e43af7a4551382073517_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63a7f2286ef6e43af7a4551382073517_JaffaCakes118
Size

78KB
MD5

63a7f2286ef6e43af7a4551382073517
SHA1

6e0d52b3d9112485459f9286261f75f9fc3ac86c
SHA256

fb6bf7da2480d294ac26ae47982c54d467c76e23c7e32c7263d38052c36e148f
SHA512

35f3697d5b7897ad9f373bc9d8c9e94b8c270939418231c91713220947f6ee72d8af723467e8b405c1905bd6e9e9ab67aab67e4d5ba3ac483ecd14f6f8e77097
SSDEEP

1536:NT82/scmKPaOdsXmZtmHKdppH+jWrBi31LIlYj/aiHMd:NI2/ZmIvyXlWzetFVjCi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a7f2286ef6e43af7a4551382073517_JaffaCakes118

Files

63a7f2286ef6e43af7a4551382073517_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bf36265f9228db5612cddc1eaebfd5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

ole32

CoTaskMemFree

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

Sections

.text
Size: 66KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE