d1ba8051363c2a21e8cb61e69217fe6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1ba8051363c2a21e8cb61e69217fe6a_JaffaCakes118
Size

582KB
MD5

d1ba8051363c2a21e8cb61e69217fe6a
SHA1

708522f1e3ea1a59b5325c48511c9c8e526c41df
SHA256

5963d9819be719506f52bc18e859924134175f1de3e900d0fa99f9c6bdc6dad6
SHA512

59310b87facc5e72f7f96d4ae58a176826bce941b464b64064a8fb201e3a816cbd352cbd5395a460b053eebc10887e816b081c76ff6e2e1488ebba80023a73b8
SSDEEP

12288:DqQYNqD7v6kQKDmkhUJhWWVVMCcLHB9NULoxGkg3HH5Kkmnt2YBJDV93pPgSX8cL:DlF7v63MhOEWPMCcLHB9iA7g3HH5KZtf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1ba8051363c2a21e8cb61e69217fe6a_JaffaCakes118

Files

d1ba8051363c2a21e8cb61e69217fe6a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

403c9aa35cf9c4d048fb71c79b842d50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

msimg32

AlphaBlend

gdi32

Pie

version

VerQueryValueW

ole32

IsEqualGUID

comctl32

ImageList_Add

winspool.drv

OpenPrinterW

Exports

Exports

EndHook
StartHook

Sections

.MPRESS1
Size: 567KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE