a9beae64e2e8fd91737803e3b9b0711d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9beae64e2e8fd91737803e3b9b0711d_JaffaCakes118
Size

183KB
MD5

a9beae64e2e8fd91737803e3b9b0711d
SHA1

85a2cca7787c8c745c260f8c4cfa2728d7b27661
SHA256

2ca95e7690f705fad9113e74e066d693d3adbb12418a83568c17b66b48e6e5a4
SHA512

13bea5a2bda05389f819badd14bfba62f52a3ce8dfc15ce089c97224de46ef400e946bc7d723dd65ba091c4b5f80be9bc1003753d049e343fa655691980143ec
SSDEEP

3072:TPE5UgwX8M+83rxbPCLsVeTEfjVTaLb8HGtTGh9Str27Ss2c2Lnv4vQ6lW10Ts/g:TPENVM+YRKgVeTEfxnWGh917Ec2Lnv4D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FileMD5.exe

Files

a9beae64e2e8fd91737803e3b9b0711d_JaffaCakes118
.rar
FileMD5.exe
.exe windows:4 windows x86 arch:x86

3decea29d3e0253228d2a018fbd124f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CLSIDFromProgID

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

DragQueryFileA

comdlg32

GetOpenFileNameA

Sections

CODE
Size: 171KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE