838c29458987ccbcc95dbd447a225eb9_JaffaCakes118 | Triage

Sharing

General

Target

838c29458987ccbcc95dbd447a225eb9_JaffaCakes118
Size

47KB
MD5

838c29458987ccbcc95dbd447a225eb9
SHA1

56786092f866da9f1e8705bb2e9111b3b9caa483
SHA256

9cddd045de1597f17bf47df42f99a4f5ed1820d25dfc26f308f2cabb1cb51465
SHA512

a839a0b6d39df75d0a00ba7c25cd0fdbd898a82cf75eb8485cd88f25079981c4054754e91569e6afa90f01c0d90179e143f41800a1b0296feef41a77f594c179
SSDEEP

768:00xE1ykzkR3Qc8IpOAbLOCVyCnDLf7I3ZpUQM4A6z+HE6EgHP:00xE1ykoR3Qc8IwgVYuDLAJqHd9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
838c29458987ccbcc95dbd447a225eb9_JaffaCakes118

Files

838c29458987ccbcc95dbd447a225eb9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29d4d9a4e535bff721362e89820bef9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 41KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE