863d8f41bb867b96bcb28235efa6b38d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

863d8f41bb867b96bcb28235efa6b38d_JaffaCakes118
Size

14KB
MD5

863d8f41bb867b96bcb28235efa6b38d
SHA1

2d27b1a3d54513165b267e93f2d1549d3f067d43
SHA256

cdaaa9bf45e78510c5e02f02dfcd03ff924a8208ddd6533bfd60a04172e38c43
SHA512

928866b3c6ffbb42c8eca8ca49584cb7eed3edeaadcb8b664da1e1d4d2832ec26bf29f14b6fc4f519b5d97f2bbcaba79fc63b6392d1dfbab08b4f86da35a157a
SSDEEP

384:kmL7wYTmB2jV5KIByTS1CXSeSXRigq6j:kmL7LjV5IS1C7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
863d8f41bb867b96bcb28235efa6b38d_JaffaCakes118

Files

863d8f41bb867b96bcb28235efa6b38d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37f3cd05a4ed0aa309b2569719cfa873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

wininet

InternetReadFile

Sections

CODE
Size: 9KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE