43f80c13eba1c24db5b886b1ef80171f_JaffaCakes118 | Triage

Sharing

General

Target

43f80c13eba1c24db5b886b1ef80171f_JaffaCakes118
Size

23KB
MD5

43f80c13eba1c24db5b886b1ef80171f
SHA1

628c306f413540ef61ac46ba99265743ed775c62
SHA256

06cce93a2695dd6f4d3ac92cbe2570ceea5d780e316c1e62f2c4786db3c72236
SHA512

e009479cf1328a212c009f50a575d1f3eee978443399e498dea0a313847d5ab76aca3fa2098883aa6b1264931238971145ee2f4df5675398aea0cca3408060cc
SSDEEP

384:UsyIO9nHedQMvezk0xmIGz0+/o/PaMM8u8f/axPYzzAWiw4gdbdBMD6uI6loA:kj84frG4+OCVa/axmViwFdBMOuIE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43f80c13eba1c24db5b886b1ef80171f_JaffaCakes118

Files

43f80c13eba1c24db5b886b1ef80171f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

220ac197339ac393a79b5fa4400f4c83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

strchr

user32

SwitchDesktop

shlwapi

SHDeleteValueA

wininet

InternetGetConnectedState

shell32

SHGetSpecialFolderPathA

advapi32

RegSetValueExA

ole32

CLSIDFromProgID

oleaut32

SysStringLen

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

Sections

.text
Size: 19KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE