c10e8528a88e14fe41d9625f283cc74c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c10e8528a88e14fe41d9625f283cc74c_JaffaCakes118
Size

455KB
MD5

c10e8528a88e14fe41d9625f283cc74c
SHA1

c1a8d47dd3b4691dee225de868d213d2c052c086
SHA256

129c973a0ed46b2fa610b20813661694cd279af9bcc07c3e56df02479cd0546e
SHA512

477fb97d99d282f1e8e42823ff5470cb1a4df7b1a8b91ba8783af813f1500302c7751e5e873f2f707fee2bc59cf2f2a90f27ea46c3292515dbabc8ac20c71b7b
SSDEEP

12288:zUAOTRYAOFvJ8y1en4KGs5OV8Um4VKtzy8mIhRBP/4y:0RBy1e4KG0V4VKtzy8mI5Pgy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c10e8528a88e14fe41d9625f283cc74c_JaffaCakes118

Files

c10e8528a88e14fe41d9625f283cc74c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4bfa6e825a4206816ed8756369bf3f15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wsock32

inet_addr

wintrust

WinVerifyTrustEx

wininet

HttpOpenRequestA

shlwapi

SHDeleteKeyW

version

VerQueryValueW

user32

CharLowerW

gdi32

SetBkMode

advapi32

RegSetValueExW

shell32

SHBrowseForFolderW

ole32

CoCreateInstance

oleaut32

SysAllocString

comctl32

ord17

Sections

.text
Size: 390KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE