Static task: static1
Behavioral task: behavioral1
Sample: bf3a505ee251d47913e15fdcc92d82a2_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: bf3a505ee251d47913e15fdcc92d82a2_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: bf3a505ee251d47913e15fdcc92d82a2_JaffaCakes118
Size: 382KB
MD5: bf3a505ee251d47913e15fdcc92d82a2
SHA1: b522de2879597369a93ead9d9b91070892ce64b5
SHA256: 416f27f52a0e089f9af874d1627a2706651626ce94a4852e88c816aece1c6885
SHA512: b56bf7744e9ac06e5889f0e2f32d3b686690dd7eb41f1621d1d3e01d4151323ad127b33af58d5134828670e9136379438f46c71837a2fbdb753bfcb9ef129ca3
SSDEEP: 6144:k2NMxaNm5fekeCDb3iTGtRcN1QulR08Br79iG+f16cWNsU2kK+LPNFkyP:gxbfekXDbyTXPQulJkUcoK+TLt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bf3a505ee251d47913e15fdcc92d82a2_JaffaCakes118
Files
bf3a505ee251d47913e15fdcc92d82a2_JaffaCakes118.exe windows:4 windows x86 arch:x86
2cba6dc6f7ded5aeed305c1bbcf5778f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
mpr
WNetOpenEnumA
gdi32
UnrealizeObject
shell32
Shell_NotifyIconA
user32
GetKeyboardType
wsock32
WSACleanup
wininet
InternetReadFile
advapi32
ReportEventA
oleaut32
SafeArrayPtrOfIndex
avicap32
capCreateCaptureWindowA
msacm32
acmFormatChooseA
version
VerQueryValueA
ws2_32
WSAIoctl
winmm
waveOutWrite
comctl32
ImageList_SetIconSize
Sections
CODE Size: 369KB - Virtual size: 808KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tianwai Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE