017c56480fcd2eaa5b5891721868d063_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

017c56480fcd2eaa5b5891721868d063_JaffaCakes118
Size

24KB
MD5

017c56480fcd2eaa5b5891721868d063
SHA1

8f6f68d98548954d68547e4e1e0b89a8a8b18499
SHA256

c53125720b365164e8598b2a2090e2fefaf0a6bb0742362645f7f7f36619d5e9
SHA512

da7a114c98185f8a8c4f24be00174beb3a0a3815b3c32370e542f4279125ce7f10fbc480bd11d5c38d2edd41583b50c325ab9967de575632d8f339fbcf2c0a0d
SSDEEP

768:yd9FZLvaC1IhIYYsM0wcE3j3CYpUJeOC:AZuSIhdYsGceOYp8bC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
017c56480fcd2eaa5b5891721868d063_JaffaCakes118

Files

017c56480fcd2eaa5b5891721868d063_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfef8918eb06fe9cd292b786655a4658

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

urlmon

URLDownloadToFileA

Sections

CODE
Size: 18KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE