Static task
static1
Behavioral task
behavioral1
Sample
c12114b9db125b505852cd828ddd74d3_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c12114b9db125b505852cd828ddd74d3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c12114b9db125b505852cd828ddd74d3_JaffaCakes118
-
Size
808KB
-
MD5
c12114b9db125b505852cd828ddd74d3
-
SHA1
b4210f379daae7714411cf3f34a43433b7e79356
-
SHA256
84c3dec959703a8b4da4a80699c9824691ac0a09c2e10b27c1e2387c217639d7
-
SHA512
00dc1d4f3b70cd6f7789e0fb47c10da5b87163f66efdf660452fc03088fe0c82bbe292f9ca40c455cc3a1ac9a2d937b057fd13fdb433b3f23ffaf1db43d7a817
-
SSDEEP
24576:PybubCa4AEEqtLX8g8ChUae3HhZ39PqVr1r:aabcARaLX8zC0HhB9Purl
Malware Config
Signatures
-
Unsigned PE 1 IoCs
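The sandbox's static analysis checks whether the file carries an Authenticode signature; this sample has none. On its own this is a weak indicator, since many benign executables are also unsigned.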
resource c12114b9db125b505852cd828ddd74d3_JaffaCakes118
Files
-
c12114b9db125b505852cd828ddd74d3_JaffaCakes118.exe windows:4 windows x86 arch:x86
bdbe287adc139bc40ee53b1e337c1f9c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
oleaut32
SysFreeString
advapi32
RegQueryValueExA
user32
GetKeyboardType
gdi32
UnrealizeObject
version
VerQueryValueA
mpr
WNetOpenEnumA
ole32
CreateStreamOnHGlobal
comctl32
_TrackMouseEvent
wininet
InternetReadFile
shell32
ShellExecuteExA
comdlg32
GetSaveFileNameW
winmm
timeSetEvent
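Sections
Note: all three sections listed below are flagged both writable and executable, .text has a virtual size (1.8MB) far larger than its raw size (552KB), and one section is named PACK. Together with the one-function-per-DLL import list above, this is consistent with a packed executable, so the static imports likely understate what the unpacked code calls.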
.text Size: 552KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 111KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PACK Size: 144KB - Virtual size: 380KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE