17662426eb3061046ad02aabe9632476_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17662426eb3061046ad02aabe9632476_JaffaCakes118
Size

20KB
MD5

17662426eb3061046ad02aabe9632476
SHA1

d32ba4f2d1a540cee5e640e47c131fb9e503ecbb
SHA256

c1a28e325c61a84392d162fbc5901a266244578407ea6ef0d8e5001ee27f2839
SHA512

419463874a0ff7eacdf3745a508276dc4826e8aa586f16d699e74b19fd5d8e74fb9021441c1bf92c1d88782fe587ec1571997ad429abe8f38ad4acdc86b0bcd3
SSDEEP

384:oHNgSbiSlFMnbDHKppr9a7sVz7cClKHg+5LyEM96O2NWp7vvxlLmWnCaGWlb:ugSbiSlFMHH5ilKHg+5LhMku7Daatb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17662426eb3061046ad02aabe9632476_JaffaCakes118

Files

17662426eb3061046ad02aabe9632476_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f656a5381c0c2c66f6f043935d3f697f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

msvcrt

exit

ole32

StringFromGUID2

user32

CharToOemW

pdh

PdhRelogW

version

VerQueryValueW

rpcrt4

UuidCreate

Sections

.MPRESS1
Size: 14KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE