Static task
static1
Behavioral task
behavioral1
Sample
db00f2a776a1649c43e40e1949a0cf17_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
db00f2a776a1649c43e40e1949a0cf17_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: db00f2a776a1649c43e40e1949a0cf17_JaffaCakes118
Size: 383KB
MD5: db00f2a776a1649c43e40e1949a0cf17
SHA1: bd0875a3e3e42908516e263cfbf8b33ad1ab27d6
SHA256: a2bce7262c7e033fdb511b97227e3886014834448f5e9cd03e2401bd3be3045f
SHA512: 184b13a71aa47cdaa0b95a18b26af290b0dbef4eb24cf5496545d2999214fc3d4c4e571d1f3705aeabed1afebc42aa6eadae930abc281464ca17573c4b81921f
SSDEEP: 6144:P4O4RweV6rocnDLdxbwkgkRoFbym19OZ3KStbYIvHpAxq6u9dQbAXnsyIq5jlWNy:lEwc1cnPEkgkROby+E3DxYSpSgdQb8ns
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource db00f2a776a1649c43e40e1949a0cf17_JaffaCakes118
Files
db00f2a776a1649c43e40e1949a0cf17_JaffaCakes118.exe windows:4 windows x86 arch:x86
568792a24bf2379566bd2f782498073f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
winmm
waveOutWrite
oleaut32
SysFreeString
advapi32
ReportEventA
shell32
Shell_NotifyIconA
avicap32
capCreateCaptureWindowA
msacm32
acmFormatChooseA
wininet
InternetReadFile
ws2_32
WSAIoctl
gdi32
UnrealizeObject
version
VerQueryValueA
mpr
WNetOpenEnumA
wsock32
WSACleanup
user32
CreateWindowExA
comctl32
ImageList_SetIconSize
Sections
CODE Size: 371KB - Virtual size: 788KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
love Size: 50B - Virtual size: 50B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE