965ee7599514869a2cacb0a2f1270e26_JaffaCakes118 | Triage

Sharing

General

Target

965ee7599514869a2cacb0a2f1270e26_JaffaCakes118
Size

161KB
MD5

965ee7599514869a2cacb0a2f1270e26
SHA1

addcc65dff2a1923292c3873b54e0a94356bd7f3
SHA256

74ebae549b043f43c81fda62d7dd93ff70a5539568f1f46f3169e99377dfb23f
SHA512

619d13eeb51d23d9cf58bbf62ae6cb0c6b2a86ae36e235a875075d0e93dc3120bdda76bdb415c6990c2158d3ba9e4d380b3a78ea1fcd287cbc513d90b955306a
SSDEEP

3072:ZV8lia+3JTqqiPgR3XSscPr/xZxn4fhxD4ueILguSoZKaS61A:b+if3JdiPoilTzxorR3SoZKG1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
965ee7599514869a2cacb0a2f1270e26_JaffaCakes118

Files

965ee7599514869a2cacb0a2f1270e26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

08184e484af06f1fe8e0f065f7185a00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

version

VerQueryValueW

ole32

CoUninitialize

shell32

SHGetPathFromIDListW

userenv

CreateEnvironmentBlock

Sections

.text
Size: 154KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE