371d4a975332ed49cdece7b35426bb73_JaffaCakes118 | Triage

Sharing

General

Target

371d4a975332ed49cdece7b35426bb73_JaffaCakes118
Size

15KB
MD5

371d4a975332ed49cdece7b35426bb73
SHA1

0367221ba4299dd2b7cbe7520760006888be0cd4
SHA256

958c543266c73374608b7cd0eb13e5107af528487d8c04db02f9be0f6002fc6a
SHA512

fa98df059e2996813bb0580cf1cabf8ec9a268d41fde67283ef9d150fea04e887ef999b756d8ef87c3897bd6db38d348a0a3f73df038ac2087604db49cf9a17f
SSDEEP

384:dVTSiTVszDQMJMhzDJqUJ4OCw7Fr5P/HYg0YpZWUcWr:do8Vsz0dpNrrR/HYg0od

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
371d4a975332ed49cdece7b35426bb73_JaffaCakes118

Files

371d4a975332ed49cdece7b35426bb73_JaffaCakes118
.exe windows:10 windows x86 arch:x86

9030811048027a6edfbe19ae66bdf324

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

PeekMessageW

msvcrt

free

api-ms-win-core-com-l1-1-0

CoInitializeEx

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

comctl32

ord328

shell32

ord176

shlwapi

ord219

Sections

.MPRESS1
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE