Static task
static1
Behavioral task
behavioral1
Sample
eadd958ae12dc4711568dec0a1cf755b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eadd958ae12dc4711568dec0a1cf755b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
eadd958ae12dc4711568dec0a1cf755b_JaffaCakes118
Size
305KB
MD5
eadd958ae12dc4711568dec0a1cf755b
SHA1
0ba83bcd3ac342a112fb8507a3298b1b178125d9
SHA256
ca27d9d470f279e29ef938f2243e8839f3199d032a6a11476f40f3c6341a1da1
SHA512
442b07a69f5ca8434cf9285eec88902525be4e4de68653c0a588fbfd8731f68e0fa1e7a230d94aa5dc26810ac7522f677308be1a70f4b0a7663890b1467f53bd
SSDEEP
6144:smD8vFiOi3ItHc2lypaA80KUn81XxnwDl2BJ/WA8DkpW:QvFri4euypaA8OnaXdwDl2bHE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eadd958ae12dc4711568dec0a1cf755b_JaffaCakes118
Files
eadd958ae12dc4711568dec0a1cf755b_JaffaCakes118.exe windows:4 windows x86 arch:x86
5346f42580e3388cd64777aa50a1add6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA
user32
GetKeyboardType
advapi32
RegQueryValueExA
oleaut32
SysFreeString
mpr
WNetOpenEnumA
gdi32
UnrealizeObject
comctl32
ImageList_SetIconSize
shell32
ShellExecuteA
wsock32
WSACleanup
winmm
waveOutWrite
msacm32
acmMetrics
snmpapi
SnmpUtilOidAppend
inetmib1
SnmpExtensionQuery
Sections
pec1 Size: 291KB - Virtual size: 756KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE