Static task
static1
Behavioral task
behavioral1
Sample
e284ccc8542716de680cc03e1cb06076_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e284ccc8542716de680cc03e1cb06076_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
e284ccc8542716de680cc03e1cb06076_JaffaCakes118
Size
170KB
MD5
e284ccc8542716de680cc03e1cb06076
SHA1
8d21d21cebe2b3389199d0195596a80590ce890a
SHA256
c66ea334ff35e06642c5aa4563ab48ec8a324d5df29c63298d769d79f8d24cdf
SHA512
f2f7c631ba370ea0f936b6a7f6f33ea34e7a1666ffcccf95dd462f69147c0533d9e59432baf1c4d1f0cbe6518b11e028cc55cc93c556f73bbaa81d4297228138
SSDEEP
3072:h4mMAeGoyiWu8dpAZDqrpd2ZjtHINadnPolFkV4SfEC4uTbqQsFVg+:h4mM3GaWJdpDVd2jIwCF24gC0IW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e284ccc8542716de680cc03e1cb06076_JaffaCakes118
Files
e284ccc8542716de680cc03e1cb06076_JaffaCakes118.exe windows:4 windows x86 arch:x86
ea8a5b2ce28cf3c40af13001ec93ad94
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StgCreateDocfile
kernel32
ExitProcess
VirtualQuery
GlobalAddAtomA
HeapFree
FlushFileBuffers
RtlUnwind
ReadFile
VirtualProtect
SetFilePointer
HeapAlloc
EnumResourceNamesW
GetOEMCP
WriteFile
GetVolumeInformationW
GetSystemInfo
SetEndOfFile
GetCurrentProcess
FindAtomW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
setupapi
CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status
comdlg32
ChooseFontA
GetOpenFileNameA
Sections
.text Size: 92KB - Virtual size: 491KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ