Static task
static1
Behavioral task
behavioral1
Sample
41a751c68753c29b0c1c1c3eb7c1503a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
41a751c68753c29b0c1c1c3eb7c1503a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
41a751c68753c29b0c1c1c3eb7c1503a_JaffaCakes118
-
Size
209KB
-
MD5
41a751c68753c29b0c1c1c3eb7c1503a
-
SHA1
3964e83ed4e7d4411909c1447ec5faa5f4bbd085
-
SHA256
b40a25c2b92409950cefa4f4fc6359db1d8cc11408c09bc425a46538d4606aba
-
SHA512
30048bfedef9b924ffb6e7c9b76517a8117bee5cb6e7a6bd0a40186ed04c88385f5198a60ba9e050ac6fc77cf53d686830e9a0bc9a9c714d561abd2b9f80a122
-
SSDEEP
6144:s913vpdWlI+7bZDpRxUwLS+PkkGMe347xK5H:s9Bv7WlVFztjPkZf3MxKR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
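Checks whether the PE file lacks an Authenticode signature. This sample is unsigned; many legitimate binaries are unsigned as well, so treat this as a weak indicator and weigh it together with the header, import and section data listed under Files.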
resource 41a751c68753c29b0c1c1c3eb7c1503a_JaffaCakes118
Files
-
41a751c68753c29b0c1c1c3eb7c1503a_JaffaCakes118.exe windows:5 windows x86 arch:x86
f459bd7c2a06a28211ab1cbe9fdd5a5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
winmm
PlaySoundW
hookpr
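?StartInject@@YAIPAUHWND__@@0@Z (MSVC-mangled C++ name; demangles to: unsigned int __cdecl StartInject(struct HWND__ *, struct HWND__ *))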
user32
IsRectEmpty
gdi32
ExtSelectClipRgn
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
advapi32
RegDeleteKeyW
shell32
Shell_NotifyIconW
comctl32
InitCommonControlsEx
shlwapi
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoTaskMemFree
oleaut32
SysAllocString
wsock32
htonl
psapi
GetModuleBaseNameW
Sections
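.text Size: 195KB - Virtual size: 640KB
Note: the virtual size is more than three times the raw size, and the section is flagged both writable and executable. Together with the small import table this is consistent with a packed or self-modifying image, but it does not prove one; confirm against the behavioral tasks.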
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
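.rsrc Size: 13KB - Virtual size: 16KB
Note: a resource section flagged as code, executable and writable is unusual for compiler output and is worth checking during triage.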
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE