31c5d5d98832f3569152b9d431084f32_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31c5d5d98832f3569152b9d431084f32_JaffaCakes118
Size

328KB
MD5

31c5d5d98832f3569152b9d431084f32
SHA1

7b9df566b71effba3cd17b66bf883c1a190441c5
SHA256

02880387fe159925f17c63f5116ed54450d1523d7685e48eb3b6426e4a270a91
SHA512

bccf85d072a4df2baaf9a616cb54e8a778e9b023589dd809b2b21b93c84733f3d7fa2e792812bd24ad4273a92c8d9812a45c1e0d375b256bcde6479e2355b183
SSDEEP

6144:eIWbEGsxdTGzTb1P6LG/J9hS14sCIFQwaEyUNxYrYBei6Cu0YV:eISEGsx68LG/J9h1sQuxYrQUCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31c5d5d98832f3569152b9d431084f32_JaffaCakes118

Files

31c5d5d98832f3569152b9d431084f32_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8ffc31bccd11f7f873be952d93bdc291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegOpenKeyExW

oleaut32

SysAllocStringLen

mscoree

CorBindToRuntimeEx

Sections

.text
Size: 227KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE