10da29963b8cb11487f08fe6df73b7f8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10da29963b8cb11487f08fe6df73b7f8_JaffaCakes118
Size

34KB
MD5

10da29963b8cb11487f08fe6df73b7f8
SHA1

922f142a7227ac4f06d5f4bf58f7ecfbf393266b
SHA256

1ab88d036470861ed44750e1df52eb15f6bb52bae7862e8201c2966797082e7a
SHA512

e5c8c39c7a22f1f12ca4b5801acbfe5c50e5a5f290ec8c31065ce6aac154bd5df21a492ff9e98d309e7f27ff398e8bdde8da06052633f08fde3718fd1564f84f
SSDEEP

768:EY4bW7ThAglKpQP+7hGkKrXgn/R9eKw5bifXvip:E7C79AfGrrXg5ikC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10da29963b8cb11487f08fe6df73b7f8_JaffaCakes118

Files

10da29963b8cb11487f08fe6df73b7f8_JaffaCakes118
.exe .js windows:1 windows x86 arch:x86 polyglot

c1dc25e5ef1b66f9fad24608440c6755

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

urlmon

HlinkNavigateString

Sections

CODE
Size: 19KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE