f99010a3fc35d8c6df711f11fb9cb03a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f99010a3fc35d8c6df711f11fb9cb03a_JaffaCakes118
Size

430KB
MD5

f99010a3fc35d8c6df711f11fb9cb03a
SHA1

d593444f012a011de5824895f538aceafd0d5d0b
SHA256

dc8f7efb6b6f4c86ac62817f9c74a02ea18826711221b5a37d6e458324fe9492
SHA512

74e648c7d4db5cc599bd91a083e15d69762f028397d6283fc826e29c7d7f6b833cc3960a8bc825b96167fcabb471a4b6f8beda6904d030490a933824ee3550b2
SSDEEP

6144:fvualu5JlhG7qZV82J+5nFi3DNYgrYNFR7y/P8vzSbk9EjP0RF1anpKoHar6fJ:XFyXqqfv0ZkYPW/CzSbSET0RTaDfJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f99010a3fc35d8c6df711f11fb9cb03a_JaffaCakes118

Files

f99010a3fc35d8c6df711f11fb9cb03a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

336cbb82f2b0f9e5827d9fa13ac9b4e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

WinHelpA

ole32

OleRegGetUserType

shlwapi

SHDeleteKeyA

gdi32

SetViewportOrgEx

advapi32

RegQueryValueExA

shell32

ord165

oleaut32

SysFreeString

Sections

.text
Size: 402KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE