120d6ee966164fd419f9017966358b77_JaffaCakes118 | Triage

Sharing

General

Target

120d6ee966164fd419f9017966358b77_JaffaCakes118
Size

11KB
MD5

120d6ee966164fd419f9017966358b77
SHA1

9ddf0f6d93f4b23dae8c61d91ae36c32acd68e1c
SHA256

e2c406acd9ab8368f355f5da0fde85a47592e93037e10a3c1b7b401ffe2f0ca5
SHA512

0c238144c909523518e76990dd01a7375ae0ab9da4634809be554dc320682d0ec1593cbb08264f255aae89b0dcc6fa9dd5f3a989bf145279ed9246c0a3a42b29
SSDEEP

192:fPPR5KORhdPgaNOxN0bN3jsIjoi2iiDPWEBZmKmT92WDtEr3zkeYpCWXGd:HJEORfoa0NsgIjoft6iob4lYpCW2d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
120d6ee966164fd419f9017966358b77_JaffaCakes118

Files

120d6ee966164fd419f9017966358b77_JaffaCakes118
.exe windows:6 windows x86 arch:x86

764c5e81af7bc2662182dd3d2a29fd86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

TraceMessage

msvcrt

exit

oleaut32

SysFreeString

ole32

CoInitialize

comctl32

ord344

urlmon

CreateUri

shlwapi

SHRegGetValueW

Sections

.MPRESS1
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE