Static task
static1
Behavioral task
behavioral1
Sample
76a376a74915553f0d09d50dd3eb1df7_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
76a376a74915553f0d09d50dd3eb1df7_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
76a376a74915553f0d09d50dd3eb1df7_JaffaCakes118
-
Size
737KB
-
MD5
76a376a74915553f0d09d50dd3eb1df7
-
SHA1
d34dbf9348a8f2440dd7ac9c23b15d525df44aa9
-
SHA256
6ffa969a8abcbb879398f7712fdad14f1d8d147c1b0c71ac3298224f00d9abde
-
SHA512
2f27745096fa60ba7d3aa7034956600f8da59706b6169c7fd9daf917a7c76028c1efaa89199e6e9db0f96ae0c2b09da9509673f6937b63ee0ac1de7f9e8ce078
-
SSDEEP
12288:WEu/b7WPgA/i+5LaYvSxzwdu2mufWPGAAoiDj:WLO5/VJFtfy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
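Checks for a missing Authenticode signature. The sample has none, so its publisher and integrity cannot be verified from a signature; on its own this is a weak indicator, since many benign binaries are also unsigned.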
resource 76a376a74915553f0d09d50dd3eb1df7_JaffaCakes118
Files
-
76a376a74915553f0d09d50dd3eb1df7_JaffaCakes118.exe windows:4 windows x86 arch:x86
cdf4ad78495711edefc7d525b74a1a7b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
powrprof
ReadPwrScheme
pdh
PdhCloseQuery
psapi
EnumProcesses
version
VerQueryValueA
shfolder
SHGetFolderPathA
user32
GetDC
gdi32
BitBlt
comdlg32
ChooseColorA
winspool.drv
ClosePrinter
advapi32
FreeSid
shell32
DragFinish
comctl32
ord17
oledlg
ord8
ole32
CoInitialize
olepro32
ord253
oleaut32
SysFreeString
Sections
.MPRESS1 Size: 299KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 433KB - Virtual size: 432KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE