d00625d5568bf2c4d08435f78dd3fa4e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d00625d5568bf2c4d08435f78dd3fa4e_JaffaCakes118
Size

1.0MB
MD5

d00625d5568bf2c4d08435f78dd3fa4e
SHA1

520afd350ae18159173e28d50d318c6be680d120
SHA256

83193672d701dd636968573f42261d78a122238e4a0c1c869b70821c4363df0d
SHA512

973b1afce28a1e1d489bfd56ed14ccbb7ff522f8ce8241f800bca67fd17f5c98cbda89d2aaca235ac5fa52f167848ff60580458c5b74a55348cb75a5f480382f
SSDEEP

24576:bZiVgpTSSlbSByUO5LfZhN0qKFIeFre0AUth77WSSNFMxr6CAET:bZxpTHlbSXkNhjiiuhWSSNF46CA2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d00625d5568bf2c4d08435f78dd3fa4e_JaffaCakes118

Files

d00625d5568bf2c4d08435f78dd3fa4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d6c2c0f98e03a399c1143eae679f633f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

msimg32

GradientFill

gdi32

UnrealizeObject

version

VerQueryValueW

ole32

CreateStreamOnHGlobal

comctl32

_TrackMouseEvent

winspool.drv

OpenPrinterA

comdlg32

ChooseFontA

shell32

ShellExecuteW

netapi32

Netbios

Sections

.text
Size: 1013KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE