6909c416ed449381d0a65ac8f5958564_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6909c416ed449381d0a65ac8f5958564_JaffaCakes118
Size

178KB
MD5

6909c416ed449381d0a65ac8f5958564
SHA1

00466e6ba06acc04cfa2c55d13e08f39499be655
SHA256

e3c443771f83db79a5c25fcf9aaea4f387b5000fa11a5096229a0620da890ad6
SHA512

23bceb608b14e8a79a5742446474672de4eb7380ac4375275c9b56024f590b3b9843abc78af5cb4749405a72ac250f26f7da4c961dcaf01c9ff69fc910700fd2
SSDEEP

3072:37OtkRT/TO3l7LYZQ5mkQldmqVx1DZOuzskDB/fCTsrasA8clUL:ymRTuB5vQlMqVx19zCTwasAN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6909c416ed449381d0a65ac8f5958564_JaffaCakes118

Files

6909c416ed449381d0a65ac8f5958564_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c55d58516ab8b94df1945dd02ca3b318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 168KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE