Static task: static1
Behavioral task: behavioral1
  Sample: a3c8caf179813e4ebe4d628ab9d06b49_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: a3c8caf179813e4ebe4d628ab9d06b49_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: a3c8caf179813e4ebe4d628ab9d06b49_JaffaCakes118
  Size: 278KB
  MD5: a3c8caf179813e4ebe4d628ab9d06b49
  SHA1: 1ea926ee3a7cc08298549321d99e0689db8e7e11
  SHA256: c6085ea86139d26f6742eb2b793a951b9a92b81adfe0a34a82a394d62c270f7a
  SHA512: d464bf9c66a251b32983e478349ec2c941aa946e92737d102a3d2ec5efda1d58f5d0ef7d961a8b3cc313089280a4f929a46b590fddef97f3b76770c30c817101
  SSDEEP: 6144:h0Wem2xAZt1jFcfWdHJKEJ2xaBj9DRj9lJE/pTEEN1zy:iPmftLjTsxaBj9D3XExYEN1e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a3c8caf179813e4ebe4d628ab9d06b49_JaffaCakes118
Files
a3c8caf179813e4ebe4d628ab9d06b49_JaffaCakes118.exe windows:4 windows x86 arch:x86
b77fc11a670684ad794395951bcbf35d
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  comdlg32
    ChooseFontA
    GetOpenFileNameA
  winspool.drv
    OpenPrinterW
    ClosePrinter
    DocumentPropertiesW
  ole32
    CLSIDFromString
    CoCreateInstance
    CoTaskMemFree
    StgCreateDocfile
  kernel32
    VirtualProtect
    FlushFileBuffers
    GlobalAddAtomA
    WriteFile
    HeapAlloc
    GetSystemInfo
    SetFilePointer
    RtlUnwind
    EnumResourceNamesW
    ExitProcess
    ReadFile
    GetOEMCP
    GetLongPathNameA
    VirtualQuery
    GetCurrentProcess
    HeapFree
    SetEndOfFile
    FindAtomW
  setupapi
    CM_Get_Depth
    SetupDiGetDeviceRegistryPropertyW
    CMP_WaitNoPendingInstallEvents
    CM_Get_DevNode_Status
Sections
  .text Size: 141KB - Virtual size: 273KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata Size: 1KB - Virtual size: 1KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data Size: 133KB - Virtual size: 133KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc Size: 512B - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ