Static task: static1
Behavioral task: behavioral1
  Sample: 132d983fc82df1a7ce16edf0222cf4f2_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 132d983fc82df1a7ce16edf0222cf4f2_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: 132d983fc82df1a7ce16edf0222cf4f2_JaffaCakes118
  Size: 274KB
  MD5: 132d983fc82df1a7ce16edf0222cf4f2
  SHA1: 227cedbbe0dd822aeaf5602f2cd2c2b2f7838dbf
  SHA256: eed9bd96a4c71c16ff74c08e32078ff5cbf99d323cb95c5a49d87a9216d8cc85
  SHA512: f95897b1fe655c50016e1cf2080ece3f5f1889aaeaa63a3848af04924b7d502c873747b8627d1e9321fc055da9f71f322664064895d9437846da6d6fe8919bef
  SSDEEP: 6144:9nkC/AQf+vTU8q84m0xFEnBn/sPV4UEU3kwNSRdETlFH0Rcen3:6xQ8Ax84mEFE0REKZNSR4cqe3
Malware Config
Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: 132d983fc82df1a7ce16edf0222cf4f2_JaffaCakes118
Files
132d983fc82df1a7ce16edf0222cf4f2_JaffaCakes118.exe windows:4 windows x86 arch:x86
483185fb1d4b2722a6d0adb7d35a191b
Headers
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_BYTES_REVERSED_LO
    IMAGE_FILE_32BIT_MACHINE
    IMAGE_FILE_BYTES_REVERSED_HI
Imports
  kernel32: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
  user32: GetKeyboardType
  advapi32: RegQueryValueExA
  oleaut32: SysFreeString
  mpr: WNetOpenEnumA
  version: VerQueryValueA
  gdi32: UnrealizeObject
  comctl32: ImageList_SetIconSize
  shell32: Shell_NotifyIconA
  wininet: InternetReadFile
  wsock32: WSACleanup
  winmm: waveOutWrite
  avicap32: capCreateCaptureWindowA
  msacm32: acmFormatChooseA
  ws2_32: WSAIoctl
Sections
  CODE (Size: 261KB, Virtual size: 772KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc (Size: 11KB, Virtual size: 12KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  xiaohui (Size: 56B, Virtual size: 56B)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ