17acbb175c7466b4b3ec8f1d9bac98b5_JaffaCakes118 | Triage

Sharing

General

Target

17acbb175c7466b4b3ec8f1d9bac98b5_JaffaCakes118
Size

12KB
MD5

17acbb175c7466b4b3ec8f1d9bac98b5
SHA1

50ea89dacfa751504241e9757f239ded2b1acccb
SHA256

240d22ed06622578794a2ed3f4061c5896b30db6cbfd48d10591ebc0799ac1c7
SHA512

473b3c53b0a1172e841cf45b628c59c1ad0a727f3fb16310907c53c1af65ba2991d7d9341fe0c45108672b4ca39a818ddcd361c1c58a8ab5be2fb6927740069e
SSDEEP

384:frrTK8kmStjE3xt7y5jjm2X0yF+7p0+DgRYp:frrTK8k7TK2zyA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17acbb175c7466b4b3ec8f1d9bac98b5_JaffaCakes118

Files

17acbb175c7466b4b3ec8f1d9bac98b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

03ce0fc8f9677d67f5dc16f2e5c69864

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

pegservice

??0ServerProcess@Pegasus@@QAE@XZ

pegserver

??0CIMServer@Pegasus@@QAE@XZ

pegconfig

??1InvalidPropertyValue@Pegasus@@UAE@XZ

pegcommon

??1Thread@Pegasus@@QAE@XZ

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

exit

Sections

.MPRESS1
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE