0f46deb6aab39695e6170b224d817238_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f46deb6aab39695e6170b224d817238_JaffaCakes118
Size

72KB
MD5

0f46deb6aab39695e6170b224d817238
SHA1

51cd6afa563e1cf12a74aef1e63e4f1ff917a8ea
SHA256

b388370155de2d3d8a8be7ab36e6fcf84852b1c51801910b55f01d783dfb1bc0
SHA512

ffe84667453d1e7900308f2a3228ceb579bb1c8123cde397ff74b75137c8e5a85e5944c4c379761f19492695acf55918c5758dc5c886c211817dbe1addc74f07
SSDEEP

768:nPmsKqk+CbUjmDTIhGWI11X7DwrUH8bUq0:nPAqk+iUwT4PI11g7C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f46deb6aab39695e6170b224d817238_JaffaCakes118

Files

0f46deb6aab39695e6170b224d817238_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3f79214bfdacd2ba8dfef9ea41c1d002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RevertToSelf

gdi32

BitBlt

user32

GetDC

msvcrt

exit

ntdll

NtClose

ole32

CoTaskMemFree

msimg32

AlphaBlend

wmsgapi

WmsgSendMessage

wtsapi32

WTSFreeMemory

winmm

PlaySoundW

userenv

LoadUserProfileW

winsta

WinStationQueryInformationW

crypt32

CertFreeCertificateContext

msctfmonitor

InitLocalMsCtfMonitor

comctl32

ord345

Sections

.MPRESS1
Size: 18KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE