JaffaCakes118_9546870659c8934b57e4b3f0a800a7b7 | Triage

Sharing

General

Target

JaffaCakes118_9546870659c8934b57e4b3f0a800a7b7
Size

278KB
MD5

9546870659c8934b57e4b3f0a800a7b7
SHA1

74a9540a18d4e049d7a5998d868971463960906a
SHA256

8f756b86e14313c69ebc187b269e70ce6758f4353829d7bf9df2f1ce6dbb191c
SHA512

ca2b2103bb4cb89c4a6fec842800cccaaf40fcecaa67b388d843b4946f1ce068b4e880efc38991d23b1964e941f3ada586bf863bea2dec29497797d79ff28126
SSDEEP

6144:zJuLHqE05i7ud7sksQTgBWsRskFuqPNlbfXCXEfzeT0gjA:zJuLKPg7ud4k17yskF7lb6XEfzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9546870659c8934b57e4b3f0a800a7b7

Files

JaffaCakes118_9546870659c8934b57e4b3f0a800a7b7
.exe windows:4 windows x86 arch:x86

b7ff5fe17edfc5a3221c7c4a8e367f08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shlwapi

PathFindExtensionW
PathFindFileNameW

kernel32

SetFilePointer
GlobalAddAtomW
ExitProcess
WriteFile
ReadFile
GetOEMCP
RtlUnwind
SetEndOfFile
VirtualQuery
EnumResourceNamesW
FlushFileBuffers
GetStringTypeExW
HeapAlloc
VirtualProtect
GetSystemInfo
GetCurrentProcess
HeapFree
FindAtomW

gdiplus

GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipGetImageWidth

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 144KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ