0842130306ba752fa1164f5ded671897_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0842130306ba752fa1164f5ded671897_JaffaCakes118
Size

269KB
MD5

0842130306ba752fa1164f5ded671897
SHA1

2fe98e988316a3c76f38429e6bf6ec483bad0c6c
SHA256

7e35b18fc1673b54968ef1f70c2da96803a5151a6e606784b81d2f0e48fed51f
SHA512

f9bf4d7a30cb43aa0b27245f2e71e2f746204c5f3cdead5e5c734f736adacd246ad7cb4df4f0021987bad1bc79e901e00c774fd4a2fa0a92dea9d8d5f29e10f5
SSDEEP

3072:DVtw9tqXE0xLQ+ZKeRFyLMmny5pM2ADaXQe3B62TKdP3ZuW7D8u7jfPqqjH1xee+:DtPxLRKeRF4yfM9mR9TGpHvPfR4eN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0842130306ba752fa1164f5ded671897_JaffaCakes118

Files

0842130306ba752fa1164f5ded671897_JaffaCakes118
.exe windows:1 windows x86 arch:x86

d252aa86b7c4e6cb0823eb7a340f0357

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

MessageBoxA

oleaut32

VariantClear

advapi32

FreeSid

mpr

WNetOpenEnumA

version

VerQueryValueA

gdi32

Pie

comctl32

ImageList_Create

ole32

IsEqualGUID

shell32

ExtractIconA

comdlg32

GetSaveFileNameA

Sections

.MPRESS1
Size: 221KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE