034f3d32fcf0ff9b104a97c755282964_JaffaCakes118 | Triage

Sharing

General

Target

034f3d32fcf0ff9b104a97c755282964_JaffaCakes118
Size

1007KB
MD5

034f3d32fcf0ff9b104a97c755282964
SHA1

ca7a94f4e1865aa44b4206595bbfa66a0f686ea0
SHA256

022102dab5495bbd93eccf2fb51b0b1232f45e73f4bb293eaf8ec83fad9d2246
SHA512

9bf179f11a882d133b76a273bdcf453c0d67abfbc9f21b8e890d8227b9c5fee870927a07847d6ee1cf7a9d41ad1217d9fe9f59df1f34de5f1175a47cb8a94b9f
SSDEEP

24576:qeeSlSySdrEuec/XqXOXJINw3Vy1eij8RxX7SKrSS9b4LcWId:q2wySRfecSXOZB3YIij8R1SKrMd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034f3d32fcf0ff9b104a97c755282964_JaffaCakes118

Files

034f3d32fcf0ff9b104a97c755282964_JaffaCakes118
.exe windows:4 windows x86 arch:x86

522c1ea9bc4f0409a99b916ba3991258

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegCloseKey

user32

GetCursorPos

gdi32

SelectObject

shell32

SHGetSpecialFolderLocation

ole32

CoRegisterMessageFilter

ws2_32

WSCEnumProtocols

wininet

InternetCloseHandle

msimg32

GradientFill

comctl32

ImageList_ReplaceIcon

shlwapi

SHDeleteEmptyKeyW

oleaut32

VariantChangeType

wsock32

WSAGetLastError

iphlpapi

IpRenewAddress

winspool.drv

ClosePrinter

Sections

.text
Size: 968KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE