a4bef509d33cf6b5b8649ad7ede64857_JaffaCakes118 | Triage

Sharing

General

Target

a4bef509d33cf6b5b8649ad7ede64857_JaffaCakes118
Size

727KB
MD5

a4bef509d33cf6b5b8649ad7ede64857
SHA1

9f103c14967eab87cb869bf8e7f4ae7eaaa49960
SHA256

6e5aa87c5cdea1bcf26266e2fe72fdd107b17c80689051e6f6a722c0923db7e7
SHA512

0c06a453aa214c23572ef8252620ba894166ded41ba012a81b0dd14f2ba54e6106d7eac9299e39fd3074c5e7a04efdefac5b480e00470d2c320e6e6e0b9c372d
SSDEEP

12288:OWZ0Y1x5FacLOiRb6fra142Qa1r8eOFWsoaGAJArCRB5Om41Z2xwk:L1Ic6G6fuWpOBLtfAhRHOmyA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4bef509d33cf6b5b8649ad7ede64857_JaffaCakes118

Files

a4bef509d33cf6b5b8649ad7ede64857_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fa5226d64a46de4ba05671eadfea25d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

Shell_NotifyIconA

comdlg32

GetSaveFileNameA

wsock32

WSACleanup

ntdll

NtQueryInformationProcess

Sections

CODE
Size: 697KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE