JaffaCakes118_20cbec00156786bbb8f3505ec451c712 | Triage

Sharing

General

Target

JaffaCakes118_20cbec00156786bbb8f3505ec451c712
Size

185KB
MD5

20cbec00156786bbb8f3505ec451c712
SHA1

13a4677960eb7011c4549b1747375658047e94e6
SHA256

647a18f570d05bf304a2f752aa3e46bac57a3b1aa05605976a630ec542b6680d
SHA512

24a4262aec82fd45736c62944d30097ea8a65cafb47155053a4606afadf6d9578a487811a5735e2d6ae7df81a39a2156f0984cb4f2907d9212f3a265da16a92c
SSDEEP

3072:PiWikRz6onQKh4NvWwqNoFrjpb3gh1gbuPBbi7sQVyugC9lZvRiSNy15cg+3g2LX:PXJ6iQ6KWsx2SuPBbi7lOC9fZiSq5m3f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_20cbec00156786bbb8f3505ec451c712

Files

JaffaCakes118_20cbec00156786bbb8f3505ec451c712
.exe windows:4 windows x86 arch:x86

784fb2ebd9c2a8d7b1559c6e1f1615a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontA
GetOpenFileNameA

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

kernel32

VirtualQuery
HeapFree
GlobalAddAtomA
SetFilePointer
WriteFile
SetEndOfFile
VirtualProtect
GetOEMCP
GetSystemInfo
EnumResourceNamesW
RtlUnwind
GetVolumeInformationA
FlushFileBuffers
ExitProcess
ReadFile
GetCurrentProcess
HeapAlloc
FindAtomW

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
StgCreateDocfile

Sections

.text
Size: 98KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ