Static task
static1
Behavioral task
behavioral1
Sample
c0cfcc82445a8bc519fc4434f80f0475_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c0cfcc82445a8bc519fc4434f80f0475_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
c0cfcc82445a8bc519fc4434f80f0475_JaffaCakes118
Size
188KB
MD5
c0cfcc82445a8bc519fc4434f80f0475
SHA1
752e068293a4d6fa3cc83abb9f4a1a1ac41a312f
SHA256
58b5b8bd02d9d790b04700d096ddb506e255f0715bb556d29157dd86c9b30a89
SHA512
e9dc1d464e968638a951974fb4ac7432a8a46aeef6f78f44b8182695cb62e1885e70f47e559677bcc3f2614f915e7a77ac1804ecf20f843fbf066bfeba24f18a
SSDEEP
3072:8O40sYMJ4pm+LJAQzl98Mpkrn58HmNoaakcMqUXT6cISECH4a/Wxx7mrs+qQ9iQ:L40slOE+hzlGh75Om2JUD3IBCYa/WxCL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource c0cfcc82445a8bc519fc4434f80f0475_JaffaCakes118
Files
c0cfcc82445a8bc519fc4434f80f0475_JaffaCakes118.exe windows:5 windows x86 arch:x86
e8ef20d93e2b40398e80edde40271bdb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
hooklogin4f
?StartInject@@YAIPAUHWND__@@0@Z
user32
DestroyMenu
gdi32
SetMapMode
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
advapi32
RegQueryValueExW
shell32
ShellExecuteW
comctl32
InitCommonControlsEx
shlwapi
PathFindFileNameW
oledlg
OleUIBusyW
ole32
CoRevokeClassObject
oleaut32
SysAllocStringLen
psapi
GetModuleBaseNameW
Sections
.text Size: 174KB - Virtual size: 528KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE