fe49f0bb9df7fe249647792c8648f803_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe49f0bb9df7fe249647792c8648f803_JaffaCakes118
Size

45KB
MD5

fe49f0bb9df7fe249647792c8648f803
SHA1

3b56e23188096388f48f953457484fc6c9ac2e12
SHA256

26a47e9ae5a3939db1ca0618bda7cb66391fd6e42185a2fc9264695535aadd2f
SHA512

5fe516a7a1131daedd49b69ba9e62964b9e30234519d36d8ee79e520b84a2573a2898f41f0ccc56015d8f3f87a7794231df4314d59681e73aadee7a8ce7dd36c
SSDEEP

768:sRJ8sWszOYqYwi/bv4HoAOh3FHExerMFjbebir7nVUmgW542AMnV2:sRJ8sTzU/i/bv4HfOh3FkIrMF2bi3Vnw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe49f0bb9df7fe249647792c8648f803_JaffaCakes118

Files

fe49f0bb9df7fe249647792c8648f803_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29d4d9a4e535bff721362e89820bef9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 39KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE