20c9e7e1fcb4b91a766b65c81e065a77_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20c9e7e1fcb4b91a766b65c81e065a77_JaffaCakes118
Size

691KB
MD5

20c9e7e1fcb4b91a766b65c81e065a77
SHA1

5c53894afb4690b08c0f27c99aeddfa5cc345ed6
SHA256

bc90d696394639da5a772aac01187770f9f09ddb6d7882f1036d4727ae5aad89
SHA512

088a29628fb383b85eb6297069f5407728645bd7133840e1809249664d7ed906d47c38967358901b7b23ee4c3a8354ce905433786a3c74456a795ee3f74964e4
SSDEEP

12288:Qq9R2XVV9G6DMzMMMHMMMjlMMZMMMboR9bz1niMMMtMMMs8SMMHMMMnMMZMMMC8I:QPX9GLAMMHMMMJMMZMMM0zbZniMMMtMZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20c9e7e1fcb4b91a766b65c81e065a77_JaffaCakes118

Files

20c9e7e1fcb4b91a766b65c81e065a77_JaffaCakes118
.exe windows:6 windows x86 arch:x86

5152ea4f2049b954396580b110e1d2af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

api-ms-win-downlevel-advapi32-l1-1-0

EventWrite

iertutil

ord9

api-ms-win-downlevel-shlwapi-l1-1-0

StrStrIW

Sections

.MPRESS1
Size: 31KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 655KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE