JaffaCakes118_1f589d8ebed6941364c045855980148f | Triage

Sharing

General

Target

JaffaCakes118_1f589d8ebed6941364c045855980148f
Size

169KB
MD5

1f589d8ebed6941364c045855980148f
SHA1

5be03970a7e53a094c21d9f210a8bd277c20c377
SHA256

1795680039b7f5ea2136fdf7737224a050793f2b880293cc677d9c6364ce54b5
SHA512

be6f01ba8090c6da94e4009199de31a7b800f3ebe7e72e4aa6efc14c798532c2aa7ee60888b7c2e390f86def9059d02053f1b3ccb6c7e808c7d0cad0bb7c95d6
SSDEEP

3072:auJwwuZ7D7SX9rYJebD58bL4FD5Bdt03vsVpJfwVddWpWVgTuK5L:a4uFU9rCebD58b0tBVHfGjOugTuw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1f589d8ebed6941364c045855980148f

Files

JaffaCakes118_1f589d8ebed6941364c045855980148f
.exe windows:4 windows x86 arch:x86

644a796a8f0f366ea01a3d66daa4b219

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

kernel32

GlobalAddAtomA
ExitProcess
GetStartupInfoA
GetTickCount
QueryPerformanceCounter
LoadLibraryExW
EnumResourceNamesW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
Sleep
SetUnhandledExceptionFilter
FreeLibrary
GetLongPathNameA
FindClose
GetProcAddress

comdlg32

ChooseFontA
GetOpenFileNameA

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile

Sections

.text
Size: 88KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ