be6be252df1229cec26acaf695d6879a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be6be252df1229cec26acaf695d6879a_JaffaCakes118
Size

498KB
MD5

be6be252df1229cec26acaf695d6879a
SHA1

480bba097b26331816bceac8cadc11153621753d
SHA256

86a0b4a2aec0b08e093c9454462e711805438becee694aa1163d571153b98b37
SHA512

a1fb89c7753aab07b04443f26613b90b760a28795629e4fa5729a5cd38280e93b410308d36e43a8db3d868ea123e0c2c19e77212347cc00d18b13bd993a7e5e4
SSDEEP

12288:+4tzsTWMj5uCg7+QweQM93WQPhNTfC2pV9GEacV7:+4tzYjUz7EeN5/02pnXV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be6be252df1229cec26acaf695d6879a_JaffaCakes118

Files

be6be252df1229cec26acaf695d6879a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf06d5320ebc0a7b538be87cdc925cb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

LoadStringW

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueW

ole32

OleUninitialize

comctl32

InitializeFlatSB

winspool.drv

OpenPrinterW

Sections

.text
Size: 410KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE