d394f24297a2e89b5cb1fca35b9d17b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d394f24297a2e89b5cb1fca35b9d17b9_JaffaCakes118
Size

278KB
MD5

d394f24297a2e89b5cb1fca35b9d17b9
SHA1

c621689d9302b18341a2b27efd23e383116caca1
SHA256

7361dbff04223cd8ab114f75a99e5da3b7af01f26243beb08f95f06eed66d138
SHA512

fb526af750c238d701f976229a8f5fe96000c2c9a858a68948650dad2326475c6c0f46b3afcc3378ed0985a7438d44033019177233d236ef1fc292280b1184fb
SSDEEP

6144:sI/VoJXv4CKhP1uSBJCdgQ4SjdjwfaRNEQXtLY:j2FwzzBJXQxjdoaE+Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d394f24297a2e89b5cb1fca35b9d17b9_JaffaCakes118

Files

d394f24297a2e89b5cb1fca35b9d17b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62ef6f735a1839416ea5c68f5df208bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

comdlg32

ChooseFontA
GetOpenFileNameA

kernel32

LoadLibraryExW
GlobalAddAtomA
QueryPerformanceCounter
GetStartupInfoA
FreeLibrary
RtlUnwind
InterlockedCompareExchange
ExitProcess
EnumResourceNamesW
SetUnhandledExceptionFilter
GetTickCount
Sleep
GetLongPathNameA
FindClose
InterlockedExchange
GetCurrentThreadId
GetProcAddress

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
StgCreateDocfile

Sections

.text
Size: 138KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ