JaffaCakes118_f8417b8acecddfcc9ebd68ee52b0665f | Triage

Sharing

General

Target

JaffaCakes118_f8417b8acecddfcc9ebd68ee52b0665f
Size

37KB
MD5

f8417b8acecddfcc9ebd68ee52b0665f
SHA1

3f725691705cbe0e548d5f9b0c8c433abe56e554
SHA256

409703d4425bb7a43a3b93b068e3444120ff79356fac7c8073a9f8f8aec8b6fd
SHA512

f4c1a72c3c21dec27dc4460b5d68b5f9a021bd98efb39ed216110e14688e459c7d334733a864133b92788bced092263667f7fa2f326d72282558e3ef15390bc2
SSDEEP

768:WrkiTwIMYKFaGT3p7HuBfHRzgUibmhWO:WVwccTpHIHGUph

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f8417b8acecddfcc9ebd68ee52b0665f

Files

JaffaCakes118_f8417b8acecddfcc9ebd68ee52b0665f
.exe windows:4 windows x86 arch:x86

9b643b0d6d09f7104cf772506c4e79b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

shlwapi

SHDeleteValueW

shell32

SHGetPathFromIDListW

urlmon

URLDownloadToCacheFileW

ntdll

RtlZeroMemory

wininet

InternetCloseHandle

Sections

CODE
Size: 22KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE