Sample
2cc3e4049e74cd170a68068162a0dec1_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
Target
2cc3e4049e74cd170a68068162a0dec1_JaffaCakes118
Size
48KB
MD5
2cc3e4049e74cd170a68068162a0dec1
SHA1
e0ec48dd72df6168728c2b21bd3ce65ecfb59cdf
SHA256
fcd90c940c05dffaa88b4a1dc0e61e7fdb062ef532e07fe60aab4ca4908eb5ab
SHA512
d0f5b7f7e9991473d9363c64c765be682679b0ad4e84a4f79ebe34afa701be3a239fbe6352ab0c3cf8d48eb21bd9e08aebabba6e8fc7b38c9dac309832aed0e7
SSDEEP
768:9gAwSvo4oNXz8VM/WPsj668RQ5fbrwo4gV60fTwhnUowZHP97DMw/VdpS7fNztE2:1jv+jWPTcJrw+TwhUowpj47fNztE2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2cc3e4049e74cd170a68068162a0dec1_JaffaCakes118
Files
2cc3e4049e74cd170a68068162a0dec1_JaffaCakes118.exe windows:10 windows x86 arch:x86
e8613cb5e9eeddc840502f635f469a0e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
advapi32
GetAce
user32
CharNextW
msvcrt
free
shlwapi
StrCmpIW
oleaut32
SysFreeString
wtsapi32
WTSFreeMemory
shell32
ShellExecuteW
crypt32
CryptStringToBinaryW
api-ms-win-core-com-l1-1-1
CoTaskMemFree
samcli
NetLocalGroupDel
netutils
NetApiBufferFree
Sections
.MPRESS1 Size: 29KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE