de6872f1b69528f004f1ccd7d525a741_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de6872f1b69528f004f1ccd7d525a741_JaffaCakes118
Size

743KB
MD5

de6872f1b69528f004f1ccd7d525a741
SHA1

05788b48ed4e218e6626e2bff103fb58953feea1
SHA256

4001bd61aa95185a0ca351b33b08b2d23224a3332e3de71ad7e70718ee938181
SHA512

0d221f0710d9251fbda875bbcc5a6a1772de0829c2490f2f237080acf79957716e171604a57a29b4f83c73590f919f3c2a4f9920ca3c4ed9993cd83d2155f5cf
SSDEEP

12288:hKxnrlvm/FHBELYZBwB7UMCDToneBSOYMAV1c4w0lzDx5UeZJpXAOk3WneiBIiNN:hKxn5eNhG6cbnFOZAVEozVF/7+YeiBJH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de6872f1b69528f004f1ccd7d525a741_JaffaCakes118

Files

de6872f1b69528f004f1ccd7d525a741_JaffaCakes118
.exe windows:1 windows x86 arch:x86

7898692bf16e238a463129dda6a7ed01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SafeArrayPutElement

mpr

WNetGetConnectionA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

ShellExecuteA

comdlg32

ChooseFontA

Sections

CODE
Size: 689KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE