223b32169def79895b613cfbbabaa47a_JaffaCakes118 | Triage

Sharing

General

Target

223b32169def79895b613cfbbabaa47a_JaffaCakes118
Size

40KB
MD5

223b32169def79895b613cfbbabaa47a
SHA1

f52752e249d845dec064bfb5bf47e9796746f2a2
SHA256

de52597fb3aa1053ec6d639abf748bdfe2aeec70ea66caf0336a7f11d9864824
SHA512

d8ee29cde1565a9ae9a7877a8fc365130e895548c087eba187b4b6c60b72cfa58cc35054c777889634b595b860556622b4e1b0391a08a972e1e5efd15bbe0f62
SSDEEP

768:H47Jsy7speZda/Vva9HU21ZP5GPZrJhK/hKdFLGQ/AMXXcbirG0Yyb79:Y7GO1aNvIHrZRGPn8/huG4RXXcIYO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
223b32169def79895b613cfbbabaa47a_JaffaCakes118

Files

223b32169def79895b613cfbbabaa47a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d4759bf4cc0635b41a7499a682259c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

advapi32

CryptAcquireContextA

crypt32

CryptUnprotectData

gdi32

BitBlt

msvcrt

_beginthreadex

shell32

SHGetPathFromIDListA

user32

CreateWindowExA

ws2_32

WSACleanup

Sections

pec1
Size: 35KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE