1576ae4823ebcbde9f832685ff31f191_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1576ae4823ebcbde9f832685ff31f191_JaffaCakes118
Size

245KB
MD5

1576ae4823ebcbde9f832685ff31f191
SHA1

3cff165387e2b12248641bb0b02788712d662cca
SHA256

767a4a403d71ae2bc9872848c9d613d4f8e15b7214acf9dc0026d8274fb636cd
SHA512

a1cbac3d702b619bf920c6f7059dc68c9b9b9a53d3d8d93337f354417111e8bbd3b39906a03529ca5f7e0b8b5ec51a4c17e3ef5e3958d0aca288e26be25ffa84
SSDEEP

6144:rTCFvAuEBXi2vJUtThtCGUzOn9J/iHqPiBU:fWUJi2viMGUzO9dwQiC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1576ae4823ebcbde9f832685ff31f191_JaffaCakes118

Files

1576ae4823ebcbde9f832685ff31f191_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a2839a0e2161689c5dfcc78661aa29e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

kernel32

CopyFileExA
HeapFree
HeapAlloc
lstrcmpi
GetProcessHeap
RtlUnwind
HeapValidate
IsBadReadPtr
RaiseException
ExitProcess
VirtualProtect
VirtualAlloc

oleaut32

DispGetIDsOfNames
DispGetIDsOfNames
VarUI1FromDec
CreateErrorInfo
SafeArrayAllocDescriptorEx
GetActiveObject
VariantInit
SysFreeString

Sections

.text
Size: 135KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ