Static task
static1
Behavioral task
behavioral1
Sample
d0f57d79846163babf3e6ddbaa4d00ff_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d0f57d79846163babf3e6ddbaa4d00ff_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d0f57d79846163babf3e6ddbaa4d00ff_JaffaCakes118
Size
636KB
MD5
d0f57d79846163babf3e6ddbaa4d00ff
SHA1
7478f913ba399aef5eb41aa088c535ed18f63b6b
SHA256
365388c20387a36fd7c4259960554944449167a882808e1590089728214969da
SHA512
7fc803de3920247aff13fbc08f441b3a0d7b7bfcf984805ef82016a19e1a873ac88ec25b8b7ae4362e10fd896c4d5ab5adb3b4fe5490586c188332ef3ff92ec7
SSDEEP
12288:8js3NstcrLWOUHqvAq91nTr8WC4oDod1GwbehSppwwf9f9hflg:8jAr/WcvAUZf8HdIe4Lw8e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d0f57d79846163babf3e6ddbaa4d00ff_JaffaCakes118
Files
d0f57d79846163babf3e6ddbaa4d00ff_JaffaCakes118.exe windows:4 windows x86 arch:x86
a0a58a903eb988d279993cedb83aef40
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
MessageBoxA
GetKeyboardType
CreateWindowExA
DdeCmpStringHandles
kernel32
GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
GetModuleFileNameA
DeleteCriticalSection
TlsSetValue
lstrcpyA
Sleep
advapi32
RegQueryValueExA
RegSetValueExA
oleaut32
SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo
version
VerQueryValueA
gdi32
UnrealizeObject
ole32
CreateStreamOnHGlobal
comctl32
ImageList_SetIconSize
shell32
ShellExecuteA
wininet
InternetGetConnectedState
urlmon
URLDownloadToFileA
comdlg32
GetOpenFileNameA
netapi32
Netbios
Sections
.text Size: 21KB - Virtual size: 24.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE