117060932b8d73ba3922bf633a305829_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

117060932b8d73ba3922bf633a305829_JaffaCakes118
Size

765KB
MD5

117060932b8d73ba3922bf633a305829
SHA1

400bb6908fb19919bd110fbc46b46577162da049
SHA256

a1d40bcbd91502108e098ddc0c873d68080262d809df9863522597c41adf2a8a
SHA512

ed1453408730824f4a9aaf38ed4a90c8f5e5ee8cb368d0ff0f0eb71d5b6cd017bcfc540b8155e67eca56798cf0820c3d7bc4e3959f510529b7660cbd8faf2bb4
SSDEEP

12288:z+UHXM5dgCLE32WnE/L39juq4ogGSeQAAD/Cjl8FtZ7qljacfjBAJ+HV8BEtlOZ0:zzX+3LEGyE/L39RSrAAD/eeI6gV8u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
117060932b8d73ba3922bf633a305829_JaffaCakes118

Files

117060932b8d73ba3922bf633a305829_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1af0124bcc74444edfbf4751205e35e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

GetKeyboardType

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueW

ole32

ReleaseStgMedium

comctl32

InitializeFlatSB

shell32

Shell_NotifyIconW

comdlg32

GetSaveFileNameW

winmm

PlaySoundW

Sections

.text
Size: 678KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE