de4358bcfa0271ffed2e347cbb83cf90_JaffaCakes118 | Triage

Sharing

General

Target

de4358bcfa0271ffed2e347cbb83cf90_JaffaCakes118
Size

269KB
MD5

de4358bcfa0271ffed2e347cbb83cf90
SHA1

ac597eed0e839b7231162fa274e0f8e2c73d1582
SHA256

4d2c2bbd562bf2d9b2d1b7ea1b65414f9968fa1731fe9730a09f747bf8d39357
SHA512

324be03a1e18fc0c9e9fc4abf37f7ebd6eb90ae3275451d436b51a8326bea5ca424e924cff2deda58000118735f369bae86d744dfbee6b7a44d7d505169a73ce
SSDEEP

6144:/XyZzlbS38X1MWY3x06tXG1wlzHJvO7JioA5k04xk:/sbS36Lcx06R6gJs45Ts

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de4358bcfa0271ffed2e347cbb83cf90_JaffaCakes118

Files

de4358bcfa0271ffed2e347cbb83cf90_JaffaCakes118
.exe windows:4 windows x86 arch:x86

036cdc4f606f4e77531dc52a80471d75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetReadFile

netapi32

Netbios

advapi32

StartServiceA

mpr

WNetGetUserA

version

VerQueryValueA

user32

CreateWindowExA

winmm

waveInUnprepareHeader

shell32

ShellExecuteA

msvfw32

DrawDibDraw

oleaut32

SysFreeString

gdi32

UnrealizeObject

wsock32

WSACleanup

avicap32

capCreateCaptureWindowA

comctl32

ImageList_SetIconSize

urlmon

URLDownloadToFileA

ws2_32

gethostname

Sections

CODE
Size: 258KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE