04d9039b6735ebc0e5d5687c65700a89_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04d9039b6735ebc0e5d5687c65700a89_JaffaCakes118
Size

605KB
MD5

04d9039b6735ebc0e5d5687c65700a89
SHA1

70aba7026d20666937866f6b362224095e20ea2b
SHA256

bcd1dc58d9ccf0ee6a616855a65ddb0dee3fa1a1e6a11e724b75836abc144ea4
SHA512

c9e03e09fb519c523fd2f909fd07529726bbdcde74e183c5edf6c76d9fc0c4b7346ba7a194e9056089d98b9d3d7c814b785dd473f54a1ba7a90aafdb2974df09
SSDEEP

12288:lblgvZenSemGtcKvMWfToZ5lj6rrY1BWzb:PgvZ0LoGrcBW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04d9039b6735ebc0e5d5687c65700a89_JaffaCakes118

Files

04d9039b6735ebc0e5d5687c65700a89_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4089fe30323b0998ab170aa1ab245a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 589KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE