728823e81f39c6865a1f09a3f25447c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

728823e81f39c6865a1f09a3f25447c2_JaffaCakes118
Size

170KB
MD5

728823e81f39c6865a1f09a3f25447c2
SHA1

ffb9f03784f889798927495954d363e58962eff0
SHA256

d033047f66588cadde3c1e7d1577e29d81a877abe6f8b3f1305d74802313534a
SHA512

40fab56a5666dea6f205f532f5d45d5bbae11d63a0876f2c8acfd03a39e1dacef8d612603590a0ef0496726e28389657bc6a10603ba100c5e3693df06dece1cc
SSDEEP

3072:yO5zaIJOHpMiDCmsnX53bPMIj44MDnMbH+6FZVApiYV+PYItpx3Fs31HuzxGNNpP:yOppJOJMPmsJrVj44MDnAF3Api4+wInF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
728823e81f39c6865a1f09a3f25447c2_JaffaCakes118

Files

728823e81f39c6865a1f09a3f25447c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7f7fde6a6ee6abbd1275124b0bef1417

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

ChooseFontA
GetOpenFileNameA

kernel32

RtlUnwind
VirtualProtect
GlobalAddAtomW
GetOEMCP
VirtualQuery
ExitProcess
HeapFree
WriteFile
EnumResourceNamesW
ReadFile
SetFilePointer
GetStringTypeExW
FlushFileBuffers
GetCurrentProcess
HeapAlloc
GetSystemInfo
SetEndOfFile
FindAtomW

Sections

.text
Size: 91KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ