a738d11d323016051d5a6ee4732149d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a738d11d323016051d5a6ee4732149d2_JaffaCakes118
Size

998KB
MD5

a738d11d323016051d5a6ee4732149d2
SHA1

db2466d28bce36fe0a8ac858f7678e282c88e18c
SHA256

e06718857c0b8c464a382c306701599f72fb098652a8979a3f9d0c862674321e
SHA512

3259c322965bae0599da1e076c027fcd200c8aeb227c936d473435dfac45e5c67adfc832a33ac2d1930407844a38a55d0ec7bce62a31c63dfe5fa221f1918562
SSDEEP

24576:LCiFeMlmmcp5q/CsB1Rkr2lLa68nTawRlHz0bJ4k:LTeO/Csbc29a68TawrT0t4k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a738d11d323016051d5a6ee4732149d2_JaffaCakes118

Files

a738d11d323016051d5a6ee4732149d2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

7c8abe14184660036988d6f66a50caea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

mpr

WNetGetUniversalNameA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

comdlg32

GetOpenFileNameA

Sections

pec1
Size: 169KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE