697fa05c9599fc24417fe82b8875f1f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

697fa05c9599fc24417fe82b8875f1f2_JaffaCakes118
Size

113KB
MD5

697fa05c9599fc24417fe82b8875f1f2
SHA1

c7581d79152933c8af200ebcb6ee5800585bd011
SHA256

f08083ef0f7c14ca2ebf0c4c781d171dfb70bbdced4d940ff0e768b795bd35f0
SHA512

2d184f0bdfe42b069df3c2e7c3853fb33839b5b78bda3b3e7cc2388477a4426350d0979e29f8c340a707b9d5c406e870f2691b31557e294ad2bb01453547ae6a
SSDEEP

3072:qk3QPQb31XI1ReSZFsS5zGzmCTkajN/BudS/30:qaQPQVIaATR+tQajGdt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
697fa05c9599fc24417fe82b8875f1f2_JaffaCakes118

Files

697fa05c9599fc24417fe82b8875f1f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fbcd36c43b6c9c85189a943e7e0f73c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

vulanloginf

VulanUnHookDll

user32

CharNextA

gdi32

SetBkMode

comdlg32

GetSaveFileNameA

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

comctl32

ImageList_Destroy

oledlg

ord8

ole32

CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen

wsock32

WSAStartup

Sections

.text
Size: 101KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE