1e0c4989c25330809b09b384f14c1535_JaffaCakes118 | Triage

Sharing

General

Target

1e0c4989c25330809b09b384f14c1535_JaffaCakes118
Size

377KB
MD5

1e0c4989c25330809b09b384f14c1535
SHA1

99ed6ece8825c3a2ea8316fa07003f44f8cc47e0
SHA256

55eb233bc661114ccbc1941dedff2239de891ccf4b40d57ac0cd64f13a9492ad
SHA512

ba8cc55e01744f04ae86b7344f043e0c34088cf126a91316836693aa7b243ea41c35f68966bd33deed9b338a48d09a93fdfdfee59b2915ae31fd65fc5199ab6a
SSDEEP

6144:Rx7Dc3sgtdXoFzw+OBdFRxvhVGrzNBJuosy0Mvo2VM5eRfSTFwRLjCw:z0jdXou+idDljIuoJ7/GwhjZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/7WB2771.exe

Files

1e0c4989c25330809b09b384f14c1535_JaffaCakes118
.zip
7WB2771.exe
.exe windows:4 windows x86 arch:x86

0857ef19e55d7fdf0f378cf99ffc7736

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

mpr

WNetGetConnectionA

version

VerQueryValueA

gdi32

SaveDC

ole32

OleDraw

comctl32

ImageList_Add

shell32

SHGetSpecialFolderPathA

urlmon

URLDownloadToFileA

Sections

.MPRESS1
Size: 357KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE