b3c538bc942b27da5c9e859868dc4cb9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3c538bc942b27da5c9e859868dc4cb9_JaffaCakes118
Size

277KB
MD5

b3c538bc942b27da5c9e859868dc4cb9
SHA1

1a76b44d9b98ab432fe294442d7b752d2548f414
SHA256

47fc53964bb2386cb56eeb049a3be8027a991ef0e6b8a573a49e2bc42d71a130
SHA512

93b764cac42daa811dc337987a52f59f362e8d9b5afa4fb0cc23bdaa72cbbe6ddfd4f174b1d206f31156ae5f7bfcf841c6672760b08615d8ed0e80657d042afb
SSDEEP

6144:b+Ndhk1C9RHw+vjAqNT/coL5hd27fx3HD0+HZB9JN4Z:6NdO1CICT/Dyx3Hh34Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3c538bc942b27da5c9e859868dc4cb9_JaffaCakes118

Files

b3c538bc942b27da5c9e859868dc4cb9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

148d6ac0901b160c35d647829206a381

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetEndOfFile
GlobalAddAtomW
HeapFree
VirtualProtect
RtlUnwind
GetOEMCP
ReadFile
VirtualQuery
EnumResourceNamesW
GetCurrentProcess
GetStringTypeExW
FlushFileBuffers
HeapAlloc
WriteFile
SetFilePointer
GetSystemInfo
FindAtomW

shlwapi

PathFindExtensionW
PathFindFileNameW

gdiplus

GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipGetImageWidth

oleacc

CreateStdAccessibleObject
LresultFromObject

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

Sections

.text
Size: 142KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ