38931983f10f4be4fc989e72ceedd161_JaffaCakes118 | Triage

Sharing

General

Target

38931983f10f4be4fc989e72ceedd161_JaffaCakes118
Size

113KB
MD5

38931983f10f4be4fc989e72ceedd161
SHA1

98a522f54c8c9d00ccc2904167641e1ea085d813
SHA256

c9475723e5371481c8aeb1666934fa31532ed2928056766da082dbd5eaba1a40
SHA512

7106871fdc9bf0c54424d52c20a8de078e8ff73fe4f74fb26c4066c8a3ffdda190035729c8c7db42a0f5104782f0cfb600f694fbf7def8c19b1f5d4a3384e45a
SSDEEP

1536:ICMcGjGCdDcEDGcp/NH4P/s/9JS3WJiMVYBELdfZYsZD/0Uj3KA4Z/umlvdDGRHT:1MxPpLH4M/SSvVYqYsHj6rckiRHv1U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38931983f10f4be4fc989e72ceedd161_JaffaCakes118

Files

38931983f10f4be4fc989e72ceedd161_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21fd64e6aa40eb7907ceac926a7d46a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

netapi32

NetApiBufferFree
NetUserModalsGet

user32

LoadIconW
LoadStringW
MessageBoxW
PostMessageW

crypt32

CryptMsgGetParam
CertEnumSystemStoreLocation
CryptMsgClose

kernel32

GetCurrentThreadId
QueryPerformanceCounter
CancelWaitableTimer
SetUnhandledExceptionFilter
ProcessIdToSessionId
TerminateProcess
GetCommandLineW
CloseHandle
ExitProcess
GetModuleHandleA
GetLastError
GetCurrentProcessId
LocalAlloc
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentThread
GetCurrentProcess
LocalFree
GetTickCount
GetStartupInfoA

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ