07563587bf4114d8e865b347c7968f52_JaffaCakes118 | Triage

Sharing

General

Target

07563587bf4114d8e865b347c7968f52_JaffaCakes118
Size

241KB
MD5

07563587bf4114d8e865b347c7968f52
SHA1

79331b38041c997996f93b8e2d4365d1f74a3033
SHA256

c98be8f638f4d3b6e8ad9711058c649cae363756b1a9e677ce0ad2669f8b68ce
SHA512

54838170c339d6688afa3f08462f136be6ddb31ef9c8ef3bd4dd04c3aa999970b542c63d780475f9a67f79216099654b9c002c619f482bb20858898022a2b203
SSDEEP

6144:vkBZy/geEsqovLQEc1W0gEHpobffR0b/LNbG0fUSBNf94DywF7:YkqovLFc1LZJwfp0zLNfFNf9ml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07563587bf4114d8e865b347c7968f52_JaffaCakes118

Files

07563587bf4114d8e865b347c7968f52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e74e97d8c96dd7e21134445cee6a95f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

kernel32

GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
GetProcessHeap
GetTickCount
GetFileSize
WaitForSingleObject
GetSystemDefaultLangID
LoadLibraryA
GetWindowsDirectoryA
CloseHandle
DeleteCriticalSection
GetModuleHandleA
ExitProcess
FreeLibrary
CompareStringA
SetLastError
InitializeCriticalSection
GetLastError
GetSystemDirectoryA
GetCurrentProcessId
GetModuleFileNameA
ExitProcess
GetSystemTimeAsFileTime
GetVersionExA

user32

SetRect
GetSystemMetrics
GetWindowRect
GetDC
EnumWindowStationsA
IsIconic
SetForegroundWindow
ShowWindow
CopyRect
GetClientRect
GetLastActivePopup
DrawIcon
ReleaseDC
TranslateMessage

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.strings
Size: 5KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ