Static task: static1
Behavioral task: behavioral1
Sample: 16f58fa04950abc8434a6f276ecb7572_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 16f58fa04950abc8434a6f276ecb7572_JaffaCakes118
Size: 1.5MB
MD5: 16f58fa04950abc8434a6f276ecb7572
SHA1: 93848349297d528c88034682b2c12b8973626178
SHA256: ee8f7cb9e8dac20f527909ccced5a2edd717ea1167569ba88b151eb05b82a596
SHA512: 3ef6939a3da3edd5bbe04706a45555b0289954bf9bcdce82838523bc424e442ae39edb1c3a1ee2214b1087166aa3e3e2748d253de89b864d4f60770ebeda0923
SSDEEP: 24576:/znESgctc8YxbHZCgeapVzCUs/Sybj0EZQtLvjXXI8F0JmjeGpB1zTDhb9cbwl:buckH8kVOUmjjTQVv1CJmPpB5hWsl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 16f58fa04950abc8434a6f276ecb7572_JaffaCakes118
Files
16f58fa04950abc8434a6f276ecb7572_JaffaCakes118.exe windows:4 windows x86 arch:x86
958ec0d86513a665c183962d997ec155
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
CharNextA
advapi32
RegCloseKey
oleaut32
SysFreeString
version
VerQueryValueA
gdi32
SaveDC
ole32
OleDraw
comctl32
ImageList_Add
shell32
SHFileOperationA
winmm
timeGetTime
Sections
.MPRESS1 Size: 1.5MB - Virtual size: 15.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE