89aa46d17b70dc0469e96beb68e8f4d5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89aa46d17b70dc0469e96beb68e8f4d5_JaffaCakes118
Size

1.5MB
MD5

89aa46d17b70dc0469e96beb68e8f4d5
SHA1

ff893679c9d56b86389fba1ab82a8ad88a0b2628
SHA256

97671a10044cff81bc4c11289b74d849bd81dc09100cf0adef75009527bb3d7b
SHA512

9e4999d4acb61d611a38171cf6035d90d0af5831673c488385fa955b42e53e0791e10e11fdde3f851e687f2be194a26996371f6e50d4eedfd4671846afb18777
SSDEEP

49152:cJFKHDPgmYvJX+jnxLGJxb2ivqQQNYt/:KQH7gMxLGH2KqQa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89aa46d17b70dc0469e96beb68e8f4d5_JaffaCakes118

Files

89aa46d17b70dc0469e96beb68e8f4d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bcfc3ebcd90bd4631d65757853beb3bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetActiveWindow

gdi32

SelectPalette

winspool.drv

DocumentPropertiesW

comdlg32

GetSaveFileNameW

advapi32

RegisterEventSourceA

shell32

ExtractIconW

ole32

CoInitialize

oleaut32

VariantChangeType

oleacc

CreateStdAccessibleObject

comctl32

ImageList_GetIconSize

wsock32

gethostname

ws2_32

WSAEventSelect

Sections

.text
Size: 1.5MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE