26ee5ce48be5ffea6f24e4d931765410_JaffaCakes118 | Triage

Sharing

General

Target

26ee5ce48be5ffea6f24e4d931765410_JaffaCakes118
Size

87KB
MD5

26ee5ce48be5ffea6f24e4d931765410
SHA1

6ee621af2598dce7beeaee2332e679cf7eb6a5b5
SHA256

dff5f7d67a81c32c316d4b2475088fc6841301b77de4dfa2b66328f292a4b7be
SHA512

fa8c9039ba4ed647c17e5ba32ab0a3a5c25a63ff0d4338ba3ecfcf870a9a5fa4029e3b1a5387ad0fb9771e866023a6da175477504b7fbdafb75c19634403578c
SSDEEP

1536:QlE6eP1EoklVYyayfnbYhms9jHfXkrXKdnS1JI4UsWBjfei03Cd/Y5IoCaB:07ePKoaY5yvbWo6aJazwCdATB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26ee5ce48be5ffea6f24e4d931765410_JaffaCakes118

Files

26ee5ce48be5ffea6f24e4d931765410_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13e69b6d27ce48997b43db00e91b8a07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

msvcrt

abs

user32

LoadImageA

gdi32

CreateFontA

advapi32

CryptAcquireContextA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

wininet

InternetQueryDataAvailable

version

GetFileVersionInfoSizeA

ole32

CLSIDFromString

oleaut32

SysFreeString

Sections

pec1
Size: 54KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE