2d73de256aac9220c1b2beaf2edbf7d5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d73de256aac9220c1b2beaf2edbf7d5_JaffaCakes118
Size

606KB
MD5

2d73de256aac9220c1b2beaf2edbf7d5
SHA1

8da73a1262153348c205b8165791fd3aca1962fa
SHA256

016038ebbefc11ffcc02b18bce237e8f28fcfbef87b72f2d16cbcf77c7c9e4b1
SHA512

b8aaa042b90ab1f8bb80215fca6ca4c4e7aa24a1176cd319863750536df2a4964a8ed1d9949bd7fc34687d7fb4836fe13b91da5978bd9d73f5ee5657c49adf91
SSDEEP

12288:QCJ4a+pd167QhEFW7exMFMFBc6GnMmIM1Py6+pd167QhE1v7O:QCJ4f6Eh17sMFMF1sMmIM1q/6EhY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d73de256aac9220c1b2beaf2edbf7d5_JaffaCakes118

Files

2d73de256aac9220c1b2beaf2edbf7d5_JaffaCakes118
.exe windows:6 windows x86 arch:x86

45a04450740813ff590f3cd9876362f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

TraceEvent

user32

CharNextW

msvcrt

exit

ntdll

RtlUnwind

shlwapi

ord462

shell32

ord147

ole32

CoInitialize

iertutil

ord31

urlmon

ord104

Sections

.MPRESS1
Size: 25KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE