Static task
static1
Behavioral task
behavioral1
Sample
3b98cc84cb6fba1614b31147626fd5cf_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3b98cc84cb6fba1614b31147626fd5cf_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
3b98cc84cb6fba1614b31147626fd5cf_JaffaCakes118
-
Size
30KB
-
MD5
3b98cc84cb6fba1614b31147626fd5cf
-
SHA1
67486723945214003713d86fe8370ccf87d215c6
-
SHA256
2212d61e54d5a9b2fef6ad4da800532d4ed51f9674ed18e5ea96b9dbfef6a47b
-
SHA512
dac4bf34b152b6d16fed235983201988967249e7f3995b8260ecb98fad0e615b54c918078f624c4991b8bd8ef9e17a62cc82a392caacfd654f58ae36072022f9
-
SSDEEP
768:9RmEkD7ZPiWYSYfTxkYQOdfkw07Daa++:DkDhYft5XdfkmU
Malware Config
Signatures
-
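Unsigned PE (1 IoC)
The sample has no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. On its own this is a weak indicator, since a lot of legitimate software is also unsigned.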
resource 3b98cc84cb6fba1614b31147626fd5cf_JaffaCakes118
Files
-
3b98cc84cb6fba1614b31147626fd5cf_JaffaCakes118.exe windows:5 windows x86 arch:x86
43226a90ae5b614bef72863dbe538b75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
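Imports
Note: only one function is listed per DLL, alongside GetModuleHandleA and GetProcAddress from kernel32. Together with the .MPRESS1/.MPRESS2 section names, this suggests the table belongs to a packer stub and that further APIs are resolved at run time, so it should not be read as the payload's full API usage.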
kernel32
GetModuleHandleA
GetProcAddress
msvcrt
exit
advapi32
AddAce
gdi32
DeleteObject
user32
GetDC
crypt32
CertOpenStore
ole32
CoInitialize
oleaut32
SysFreeString
certcli
ord264
comctl32
InitCommonControlsEx
netapi32
DsGetDcNameW
secur32
GetComputerObjectNameW
credui
CredUIParseUserNameW
ntdll
RtlCompareMemoryUlong
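Sections
Note: .MPRESS1 and .MPRESS2 are the section names written by the MPRESS executable packer. The first section's raw size (23KB) is well below its virtual size (84KB), and both sections are readable, writable and executable, which is consistent with content decompressed in memory at run time. Static strings and imports therefore describe the packed file, and conclusions about capability are better drawn from the unpacked image or the behavioral tasks.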
.MPRESS1 Size: 23KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE