Static task
static1
Behavioral task
behavioral1
Sample
bbf58057d5c1379edd7e7141518c6f15_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bbf58057d5c1379edd7e7141518c6f15_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bbf58057d5c1379edd7e7141518c6f15_JaffaCakes118
-
Size
397KB
-
MD5
bbf58057d5c1379edd7e7141518c6f15
-
SHA1
fbd098b01eb3e4665bd79c9c31f4fc7c2d73dab3
-
SHA256
a4417bc824de3a10828dd3b49e737e859f50af25aa96ab2b83fc31d19a1d6b56
-
SHA512
7223786ae7af0ec1c8d3ba5639aba87faea55698c5c4258c2e26fe66f04382c5dbda7eca7248b4d6e0db4d1724df745f0617d9862240888d3ee2b988bf143960
-
SSDEEP
6144:J8d8RQa7j5lKlhZNadTAsM22zzT/MbRbz3gROUPaGxiCgH0ZYtEkdQ3P440yN:J8d8fZl1TAz4NbDpU/xiCvsYP44L
Malware Config
Signatures
-
Unsigned PE 1 IoCs
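Checks whether the PE file lacks an Authenticode signature; this sample has none. Taken alone this is a weak indicator, since many legitimate programs are also unsigned.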
resource bbf58057d5c1379edd7e7141518c6f15_JaffaCakes118
Files
-
bbf58057d5c1379edd7e7141518c6f15_JaffaCakes118.exe windows:4 windows x86 arch:x86
2c07534849a57ea907588949ce7ac366
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
VirtualProtect
GetModuleHandleA
GetProcAddress
oleaut32
VariantCopy
avicap32
capGetDriverDescriptionA
mpr
WNetGetUserA
advapi32
SetSecurityInfo
winmm
waveInStop
gdi32
SaveDC
wininet
InternetOpenA
version
VerQueryValueA
wsock32
send
user32
GetDC
msacm32
acmMetrics
imagehlp
CheckSumMappedFile
comctl32
ImageList_Add
shell32
ShellExecuteA
ws2_32
WSAIoctl
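Sections (note: .text is listed below as writable initialized data with no code or execute flag, and its virtual size of 700KB is well above its listed size of 388KB; together with an import table that names a single function per DLL alongside VirtualProtect and GetProcAddress, this is consistent with a packed or protected executable and should be confirmed against the behavioral tasks)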
.text Size: 388KB - Virtual size: 700KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nblh Size: 17B - Virtual size: 17B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE