3c88bd46a723b517e44665f0a7c87f11_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c88bd46a723b517e44665f0a7c87f11_JaffaCakes118
Size

58KB
MD5

3c88bd46a723b517e44665f0a7c87f11
SHA1

45ac4ecc35cdea473cd063561e04d73f43604155
SHA256

ce284c747941c64f4f0d5f6ddbc3353c8609c738532bfeb46e88db31bab996b5
SHA512

5e4118b3a8b55ec9130fdfc7e205926b64583667d24a73a9cea2350385eb7a8cf920f4499b9e0652c9a68718840f1163f317f87995b5249dd5f7b6ae4b9e0c9b
SSDEEP

1536:vFvzH9DOmJtRRAdwSqCMpPYeLGbmGhWDTFdmR3q9GT48L/4AtVR:vFvzH9DBR6KSZwQeLWYDTFdpkL/4mR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c88bd46a723b517e44665f0a7c87f11_JaffaCakes118

Files

3c88bd46a723b517e44665f0a7c87f11_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4f59fe9efbc5097410dce6422c5003fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

FreeSid

rpcrt4

NdrServerCall2

Sections

.MPRESS1
Size: 52KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE