Static task: static1
Behavioral task: behavioral1
Sample: 7586e1427deaf2b2b83a636385093ba8_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 7586e1427deaf2b2b83a636385093ba8_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 7586e1427deaf2b2b83a636385093ba8_JaffaCakes118
Size: 188KB
MD5: 7586e1427deaf2b2b83a636385093ba8
SHA1: ea2b264690a8674d90d5ef035fb0c3b3669c4f35
SHA256: d2ce4dc6ba41bf8958a1a607702351bb92217efb36d18d69d479abdc281c86ea
SHA512: cf7f1408cd70a6313010f338f06a8c8cb5f55e9ba6e7281070a90916de304a9da40043664e7600ddfa03977d925b7e17d26923da58b0e9e0cf3645420e8f91b4
SSDEEP: 3072:/uA2GfwZzr0fAsWdNw3f+35h9bkUenAopFYrzLDatHRUOHUMalHaABe+9:rfwVWsUOfZFoErDajnGl6A4O
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7586e1427deaf2b2b83a636385093ba8_JaffaCakes118
Files
-
7586e1427deaf2b2b83a636385093ba8_JaffaCakes118.exe windows:4 windows x86 arch:x86
1e0d429a7bb271290adcb3dbc95060f3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
winspool.drv
DocumentPropertiesW
kernel32
DeleteCriticalSection
GetTickCount
lstrcpynW
OutputDebugStringW
CheckRemoteDebuggerPresent
GetLastError
GlobalFree
GlobalAlloc
lstrcpyW
EnumResourceTypesW
FindClose
lstrcmpiW
lstrlenW
lstrcpyA
GetCPInfo
GetACP
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LockResource
GetModuleHandleW
user32
PostThreadMessageW
CharNextW
SetTimer
GetDC
KillTimer
DispatchMessageW
GetMessageW
CharUpperW
TranslateMessage
wsprintfW
GetAncestor
UnregisterClassA
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.isete Size: 1024B - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ