d3a8f87014ca5a3f78038dc297a09d5e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3a8f87014ca5a3f78038dc297a09d5e_JaffaCakes118
Size

149KB
MD5

d3a8f87014ca5a3f78038dc297a09d5e
SHA1

004d80426cad4539f617abc0770446d44ded22f6
SHA256

d2ba66a2aed5a93490038173afb429a25c8131ef1a11306a7024990eb63a12b1
SHA512

4de4c6db6861d730523d247b9f051995d2f74fed17ea9545bffb008751e4c81f411bf6f7b2ff3555d0138c467293aa3de03b6ca738f19980780ec86cc14168cb
SSDEEP

3072:7W2qLFtLRMam6F5o4sRF683wHnAVQsAueN/lcAxFRtugi/GouLAKXu7:jgFtLRhm684sD683wHYQSe1lcAxVugi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3a8f87014ca5a3f78038dc297a09d5e_JaffaCakes118

Files

d3a8f87014ca5a3f78038dc297a09d5e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8c429e7bb82b0bbc8f4cb91e614b1d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

winspool.drv

DocumentPropertiesW

kernel32

lstrlenW
GlobalFree
lstrcpynW
GetCPInfo
CheckRemoteDebuggerPresent
FindClose
GetACP
LockResource
EnumResourceTypesW
GlobalAlloc
GetLastError
lstrcpyA
lstrcmpiW
MultiByteToWideChar
DeleteCriticalSection
GetTickCount
InitializeCriticalSection
WideCharToMultiByte
lstrcpyW
OutputDebugStringW
GetModuleHandleW

user32

GetMessageW
PostThreadMessageW
TranslateMessage
CharUpperW
SetTimer
KillTimer
GetDC
wsprintfW
CharNextW
GetAncestor
DispatchMessageW
UnregisterClassA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isete
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ