Static task
static1
Behavioral task
behavioral1
Sample
00b9cb8ef6e812fb36abe292a89d10fd_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
00b9cb8ef6e812fb36abe292a89d10fd_JaffaCakes118.exe
Resource
win10v2004-20240419-en
General
-
Target
00b9cb8ef6e812fb36abe292a89d10fd_JaffaCakes118
-
Size
134KB
-
MD5
00b9cb8ef6e812fb36abe292a89d10fd
-
SHA1
d952b76ea58edcbcd06b91643c9be0b63ebfdc5e
-
SHA256
1c462ef0c43f0c7f9e8c8ab55dba5a9514cf26f730533d0c56f38d8692b7f4c9
-
SHA512
c0c28de14ce24dc58d247e94ced01f5edc77c9ead40878f6f6e00447a16551cb06d621ddb2f09bd0c4add2fb6010aa5905f4f897accf3dd713e23465be289d99
-
SSDEEP
3072:vfeozBBNBF3Cy4EUqYInZd3Xa+Sp9rM52oQsVhK38z:3eopB5R4UZBXlMELQQ4Mz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries none, so its publisher and integrity cannot be verified from the file itself.
resource 00b9cb8ef6e812fb36abe292a89d10fd_JaffaCakes118
Files
-
00b9cb8ef6e812fb36abe292a89d10fd_JaffaCakes118.exe windows:5 windows x86 arch:x86
b0765f781028a6024f26f17804062588
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
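Imports (only one or two functions are listed per DLL, and GetModuleHandleA/GetProcAddress are among them, so further APIs are probably resolved at run time; treat this list as incomplete)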
kernel32
GetModuleHandleA
GetProcAddress
gdiplus
GdipFree
advapi32
FreeSid
user32
IsWindow
oleaut32
VariantClear
gdi32
CreateDCW
shell32
ShellExecuteExW
ole32
CoInitialize
cabinet
ord22
crypt32
CryptHashPublicKeyInfo
msi
ord88
rpcrt4
UuidCreate
wininet
InternetOpenW
wintrust
WinVerifyTrust
version
VerQueryValueW
Sections
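.MPRESS1 Size: 124KB - Virtual size: 400KB (section name is the MPRESS packer's default; the virtual size far exceeds the raw size, which is consistent with compressed content unpacked in memory)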
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE