256a1c5e44139af67844dde0503d4def_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

256a1c5e44139af67844dde0503d4def_JaffaCakes118
Size

131KB
MD5

256a1c5e44139af67844dde0503d4def
SHA1

f1f189a9f72e0581b73378f8a0d86b5143312b46
SHA256

62e947239afe3d896e295b9c2d11b50bdc223ac020e74d6f561c7873b0a5a775
SHA512

d80c017272a627563db3bc8d9631ddd8e1aa241334efa55c494b15bff39cbe10bbbf9e48dc8d7364a7fdcde2ce69ee54c4abdca7f8a5485080935d759a0a02d3
SSDEEP

3072:A2e5G4YmGX7+gMzSnROh6sHSOuoke0cbbTo/11iVTh7Kcaz8EwqvJaF:oL+Mzvh6sqokh2b+1c0TZJaF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
256a1c5e44139af67844dde0503d4def_JaffaCakes118

Files

256a1c5e44139af67844dde0503d4def_JaffaCakes118
.exe windows:1 windows x86 arch:x86

a110531a87e9a90a0f8653b00a50f512

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

Sections

CODE
Size: 122KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE