e917ff9039c51d1c64cd37e4a63053d2_JaffaCakes118 | Triage

Sharing

General

Target

e917ff9039c51d1c64cd37e4a63053d2_JaffaCakes118
Size

280KB
MD5

e917ff9039c51d1c64cd37e4a63053d2
SHA1

fc3bf93a2c1b18f1c49bb59bfd717c0f4e245767
SHA256

b43c5c23508e0343f98d0f134c713798b93be232d6c3b8886f30328529a17ab6
SHA512

58c841e2d848e1f4ca00a7f3c06df07cac9b259a234bc080342f8e406d3f12e52eb6602806186e44473b370ecd31a77ea25a3a5b748432a3d2aab11b3948ecc7
SSDEEP

6144:02c4k+gmIU48vAMOI2lmovX3bUUi4fVsfD6XaCwMfnigmNVes:02c0gmIX8YMOI2lmKiKCDTg0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e917ff9039c51d1c64cd37e4a63053d2_JaffaCakes118

Files

e917ff9039c51d1c64cd37e4a63053d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b44373ce3ec92aba5ebcca14af6bbf9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

ole32

CLSIDFromString
CoCreateInstance
CoTaskMemFree
StgCreateDocfile

comdlg32

ChooseFontA
GetOpenFileNameA

kernel32

SetUnhandledExceptionFilter
GlobalAddAtomA
QueryPerformanceCounter
GetTickCount
FreeLibrary
FindClose
EnumResourceNamesW
GetStartupInfoA
LoadLibraryExW
Sleep
RtlUnwind
GetLongPathNameA
InterlockedCompareExchange
ExitProcess
InterlockedExchange
GetProcAddress

Sections

.text
Size: 148KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ