89a87893b86a23cb111e8808d9a1480a_JaffaCakes118 | Triage

Sharing

General

Target

89a87893b86a23cb111e8808d9a1480a_JaffaCakes118
Size

171KB
MD5

89a87893b86a23cb111e8808d9a1480a
SHA1

88e3465035ff3e1c0d9fb4372fcfdef62dfabd9d
SHA256

1a3c7ebe46ec5272d5a8fd3be4aa7b724316805a20048c9e530580c6106d9a10
SHA512

f472c18bb4369e21e87a16a40129c775dc3ca969dfcc194b352f8c8b539a46c22ef4cec0cb3333a17dd1410ef23b43c81d4bb3fb786964f4e791f7bfdecdb5db
SSDEEP

3072:b9MsHFnZ0vpOQNzCtCuQf5t/cx/EsvNkQ81KSmUsnWEZZIHoMpiiOJm:BXHFnZfQJwPWn/cGsvNkLFmU+BZZUoT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89a87893b86a23cb111e8808d9a1480a_JaffaCakes118

Files

89a87893b86a23cb111e8808d9a1480a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da01bba9fdc3e08fa6e2024baad0ff29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

kernel32

VirtualProtect
GlobalAddAtomA
HeapAlloc
RtlUnwind
GetCurrentProcess
ReadFile
HeapFree
GetSystemInfo
EnumResourceNamesW
FlushFileBuffers
SetEndOfFile
ExitProcess
GetVolumeInformationA
VirtualQuery
SetFilePointer
GetOEMCP
WriteFile
FindAtomW

comdlg32

ChooseFontA
GetOpenFileNameA

ole32

CLSIDFromString
CoTaskMemFree
CoCreateInstance
StgCreateDocfile

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 94KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ