afcc080e68333bacd0af1cc32e06d873_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afcc080e68333bacd0af1cc32e06d873_JaffaCakes118
Size

48KB
MD5

afcc080e68333bacd0af1cc32e06d873
SHA1

1ee50f72a1e054b2b11845822de4847e2d6df8d2
SHA256

c52eabce19dc21e3cfbd3a67aa9bfcc07455e581b5fa942ea39cf366f2dedf9a
SHA512

50cabac349cae7a1ee285e7321062f5fd95fb4aa3492f5736ac6311c24b7558c3f5efb69e24c9d00ce008284d4798566869855e8de1d2cd4f3cd69bd910bcc95
SSDEEP

768:XDfoX3WDtkEDIite6IPMMl1SuJKqyLohnQ3/:zfoX32e6eMo1TJKqOr3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afcc080e68333bacd0af1cc32e06d873_JaffaCakes118

Files

afcc080e68333bacd0af1cc32e06d873_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9534fcd0f693009c88102eb0630b67fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

urlmon

HlinkNavigateString

Sections

CODE
Size: 18KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE