b406b59f0a246994e752cce8bfaa2333_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b406b59f0a246994e752cce8bfaa2333_JaffaCakes118
Size

176KB
MD5

b406b59f0a246994e752cce8bfaa2333
SHA1

629d2bf0c0a477b104acbc65f11d9e655e0b3b52
SHA256

ee98d8ba5dc3ec510bce232891eb84f251d1f2118efa26e69893f561d9aeb410
SHA512

2b1244f8201b40106a4ee476185b5bdd7a1d27b172374ef5b31c045f42d28f0bd90da7a713c92b8570282bf83c2335117de2794375809197ae50cc895e86d76e
SSDEEP

3072:JdSWXlxtyQ8VBBtWCvsPpXlXf2Idq5RDgPGum6Dz4/nA9+eNcCttRHszfU+/0:+WTtC8C2zf2IdIRD4Zm6Dz4/nABaB/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b406b59f0a246994e752cce8bfaa2333_JaffaCakes118

Files

b406b59f0a246994e752cce8bfaa2333_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0a0626f6b68e7d53b61777fb759c354

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LockResource
lstrcmpiW
lstrcpynW
GetLastError
CheckRemoteDebuggerPresent
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GetCPInfo
EnumResourceTypesW
lstrcpyW
GetTickCount
lstrlenW
FindClose
InitializeCriticalSection
GetACP
OutputDebugStringW
DeleteCriticalSection
lstrcpyA
GetModuleHandleW

winspool.drv

DocumentPropertiesW

user32

SetTimer
wsprintfW
CharUpperW
PostThreadMessageW
CharNextW
DispatchMessageW
GetMessageW
GetAncestor
GetDC
TranslateMessage
KillTimer
UnregisterClassA

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isete
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ