Static task
static1
Behavioral task
behavioral1
Sample
219fea926e4b82e3a34fa2c0500aee24_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
219fea926e4b82e3a34fa2c0500aee24_JaffaCakes118.exe
Resource
win10v2004-20240419-en
General
-
Target
219fea926e4b82e3a34fa2c0500aee24_JaffaCakes118
-
Size
59KB
-
MD5
219fea926e4b82e3a34fa2c0500aee24
-
SHA1
385c306f67aa254d9f564457ab86e987e3257007
-
SHA256
17b00ebf6f2a50e96e2b31c42b18ab10ffed4f9f75950dc2901ff0f0b8f5a71a
-
SHA512
3a28d842d31cff46bf4ff7a8b75b840fbc28cafeb4326de0f6d23684a18193f8ca97d81a103f6dd71a9e780543ca4bc0250060ab309a858d60a5e895fb12ad70
-
SSDEEP
768:gIp2i69w+8x7fHsniuv8X9eiyN6KIWRkr0P7k3bvCdvXGOzrJGepixVK7DcmAbPv:Eib+w7fMnqX9FhCkr0GbvGzUn/J4k
Malware Config
Signatures
-
Unsigned PE 1 IoCs
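Checks for missing Authenticode signature. An unsigned PE is a weak indicator by itself, since many legitimate binaries are also unsigned; weigh it together with the section layout and the behavioral task results.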
resource 219fea926e4b82e3a34fa2c0500aee24_JaffaCakes118
Files
-
219fea926e4b82e3a34fa2c0500aee24_JaffaCakes118.exe windows:5 windows x86 arch:x86
ded369d0a9bb0c7d92f53c61ee47b5c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
msvcrt
exit
advapi32
RegFlushKey
gdi32
EndDoc
user32
GetDC
comctl32
ord236
comdlg32
PrintDlgExW
shell32
DragFinish
authz
AuthzAccessCheck
aclui
ord2
ole32
CoInitializeEx
ulib
??0ARRAY@@QAE@XZ
clb
ClbAddData
ntdll
RtlFreeHeap
shlwapi
PathAppendW
Sections
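.MPRESS1 Size: 44KB - Virtual size: 408KB (the .MPRESS1/.MPRESS2 section names are the defaults written by the MPRESS packer, and the gap between raw and virtual size is consistent with compressed content expanded at load time; the import table above, with one function per DLL, therefore likely describes the unpacking stub rather than the unpacked program)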
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE