f033417ec3975a0449c4afe47428d491_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f033417ec3975a0449c4afe47428d491_JaffaCakes118
Size

282KB
MD5

f033417ec3975a0449c4afe47428d491
SHA1

e9db89203de4b2ab1ef7d1e8e226b35893b0c104
SHA256

d5a074048dbf90adea4522f1bb652d5e20ba8080686a185300628de639a78404
SHA512

c81a69164f456d3f8232965330d250c3bc4e7f427d63f6e6e4f5c8c668d5eb278ad6001b7ff42270c83854d3a93cd9cc3c7dbe5a8c73b6e7cf5474208559feb8
SSDEEP

6144:zbgS+yIZfnsG0fJu/UtaXFpw+xlsyGxi:zkp/Zfh0fXuFpDfVG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f033417ec3975a0449c4afe47428d491_JaffaCakes118

Files

f033417ec3975a0449c4afe47428d491_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d499e4e57837ed797697ee335a4487df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

mpr

WNetOpenEnumA

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

wininet

InternetReadFile

wsock32

WSACleanup

imagehlp

CheckSumMappedFile

winmm

waveOutWrite

avicap32

capCreateCaptureWindowA

msacm32

acmFormatChooseA

ws2_32

WSAIoctl

Sections

CODE
Size: 268KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE