ceda04c0ff606d84888eebad76dafc03_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ceda04c0ff606d84888eebad76dafc03_JaffaCakes118
Size

323KB
MD5

ceda04c0ff606d84888eebad76dafc03
SHA1

f8b0798b03672cd26d074d86b5b29e052fcfd658
SHA256

fd3322c175195cd05ab87abe58df88c01e227436c23c29fe6ef57fb65386e815
SHA512

222f775a07d21a24035ad2b25675a90721fd4e11c99f9a01b3d2cc2dea40b323b361f86fc8149a8d782cafbab2620c9ef1b7d1e4889e093d43d3bb15940e3194
SSDEEP

6144:bX0RinMKEO26wIQ2h5rDnnC7nxV8sJGjjMOcGklCNcoEP2fUOHejfZ:YRinDEO261rrD4xV8sEjMOcbCNcxP5fZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceda04c0ff606d84888eebad76dafc03_JaffaCakes118

Files

ceda04c0ff606d84888eebad76dafc03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a4554be02b4893dbd114533e746cc29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

oleaut32

SysFreeString

advapi32

OpenServiceA

winmm

waveInOpen

msvfw32

DrawDibDraw

avicap32

capCreateCaptureWindowA

wininet

InternetOpenA

user32

CharNextA

mpr

WNetGetUserA

shell32

ShellExecuteA

wsock32

send

urlmon

URLDownloadToFileA

ws2_32

htons

version

VerQueryValueA

comctl32

ImageList_Add

netapi32

Netbios

gdi32

SaveDC

Sections

.rxjh
Size: - Virtual size: 744KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rxjh
Size: 323KB - Virtual size: 324KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE