Static task
static1
Behavioral task
behavioral1
Sample
d40e8015ce119841eb6489130eaacfdd_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: d40e8015ce119841eb6489130eaacfdd_JaffaCakes118
Size: 179KB
MD5: d40e8015ce119841eb6489130eaacfdd
SHA1: 2a5bcc889280df3249bf22200fc969b199e54d52
SHA256: 7f82e7f2f03ee985f9068c54e391c4f062457ff057a85ed82a116e53930a2677
SHA512: 5b37fabd4e810173b734f3b8d16f63b9e5300bf594e90dba864e3dcaa35b7557aa66862f96111f6e085c0a40e505b7d1d534a8592451c3f52ec427343d3b477c
SSDEEP: 3072:oPUgmwFVcEjO+A+Z/y+xVXeLOvUx/NmWNQ4bqhsaobN1FrlwtcPHdIDYzEEyh9tm:Oy8jO+A+VxVXeSvU6WW4ehsLRHrlDS0r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d40e8015ce119841eb6489130eaacfdd_JaffaCakes118
Files
d40e8015ce119841eb6489130eaacfdd_JaffaCakes118.exe windows:4 windows x86 arch:x86
8213f36ed4699fa57509d18ea53fa798
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
HeapAlloc
IsDBCSLeadByte
FreeLibrary
MultiByteToWideChar
CreateFileA
lstrcpynA
FindResourceA
lstrcmpiA
EnumResourceTypesA
LoadLibraryExA
InterlockedDecrement
lstrlenW
FindFirstFileExW
WideCharToMultiByte
ReadFile
lstrcpyA
LoadResource
SizeofResource
InterlockedIncrement
oleacc
GetOleaccVersionInfo
CreateStdAccessibleObject
msimg32
TransparentBlt
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ