f9aaa1fd0c4a4c305196c4a35eb8df79_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9aaa1fd0c4a4c305196c4a35eb8df79_JaffaCakes118
Size

163KB
MD5

f9aaa1fd0c4a4c305196c4a35eb8df79
SHA1

03df7b2a09e9c477016459fce6a1281df59cc807
SHA256

84da7feb5414f2be138e23187f86dbc2425f7ba83fcddeeaf039621c1fbf73c4
SHA512

6d8fc84ebe919c8ee37ba91367bd53b49b7a5e49d1ed10fa942cf5a55274d77dd5bc4aebb9ccca7eb59bf16ef06eda66a53ad97eca5f7fca3d66684bf9bc0bf5
SSDEEP

3072:d8Y2wMhmt48GKNofd6gYdDvIgHvQFrwZo/lNh7T5OOXv5C1RPP+1:Yrs/Cl2zzQFrwi/l/5OgRmR+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9aaa1fd0c4a4c305196c4a35eb8df79_JaffaCakes118

Files

f9aaa1fd0c4a4c305196c4a35eb8df79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

03fdf6c04769480960ddb1ee51f15e10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wininet

InternetOpenA

user32

IsWindow

advapi32

FreeSid

shell32

ShellExecuteA

ole32

CoInitialize

oleaut32

VariantInit

ws2_32

recv

shlwapi

SHDeleteKeyA

psapi

GetModuleFileNameExA

mpr

WNetGetLastErrorA

rpcrt4

RpcStringFreeA

comctl32

ord17

ntdll

RtlUnwind

Sections

.MPRESS1
Size: 109KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r0wethsf
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

g8ny81lj
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ