Static task
static1
Behavioral task
behavioral1
Sample
40800312a6cd0ba61c58cd315be71c7e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
40800312a6cd0ba61c58cd315be71c7e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
40800312a6cd0ba61c58cd315be71c7e_JaffaCakes118
Size
279KB
MD5
40800312a6cd0ba61c58cd315be71c7e
SHA1
68b11ad32c21dc1a5ce4ad0a3810d686d163e459
SHA256
bdabfabc1fadf97b657ca8ab5bf26391487a9bfff955f2066f78232b77db8804
SHA512
7fc666b23b7beea3107a2bd03b597066e90235730b9d63bbb535895ab93a2b068f8b62853a9867b6d347affa89ebf2889b05a11e6e6b66e4b8fed90cbdcea6ea
SSDEEP
6144:bOWaGnMpCNQKoaNYc5Q/+h5OtrFH/sZ7skrje/P7T1+:SWaGnnAq5O1Ff6Vjmd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 40800312a6cd0ba61c58cd315be71c7e_JaffaCakes118
Files
40800312a6cd0ba61c58cd315be71c7e_JaffaCakes118.exe windows:4 windows x86 arch:x86
c3e777196f984a62e48716babdf1d039
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile
kernel32
WriteFile
FlushFileBuffers
GlobalAddAtomA
ExitProcess
GetSystemInfo
VirtualProtect
GetCurrentProcess
VirtualQuery
HeapFree
ReadFile
EnumResourceNamesW
GetVolumeInformationA
HeapAlloc
SetFilePointer
RtlUnwind
GetOEMCP
SetEndOfFile
FindAtomW
comdlg32
ChooseFontA
GetOpenFileNameA
setupapi
CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
Sections
.text Size: 144KB - Virtual size: 276KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ