058bca33e04e5e0178494570ea65f63a_JaffaCakes118 | Triage

Sharing

General

Target

058bca33e04e5e0178494570ea65f63a_JaffaCakes118
Size

215KB
MD5

058bca33e04e5e0178494570ea65f63a
SHA1

2772d363aa95d92e7182b6e91489a8450c869d97
SHA256

bcb4390eefb5820fd980faea72b07e3c8a2c3ec8e80b2da1b991be784c320a3c
SHA512

c758824375f8ad29cc7e3d42d949433409828ba30afb7354662ecf49471cfbbfce720fbf3ac0d3226f6ae91ff5d31895fb94ff8f81b81664b0616a1352e5b095
SSDEEP

6144:9jC8Xv89OnhJVFfsFmCYjCmM0YgIuKWndGS6b0:9jCcvUOnnVFfsFmCRml8WndGZ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HOLZED v1.1/holzed.exe

Files

058bca33e04e5e0178494570ea65f63a_JaffaCakes118
.rar
HOLZED v1.1/changelog.txt
HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.1/keys.txt
HOLZED v1.1/readme.txt
HOLZED v1.1/settings.ini