421818608615e379693b73d6664e6057_JaffaCakes118 | Triage

Sharing

General

Target

421818608615e379693b73d6664e6057_JaffaCakes118
Size

253KB
MD5

421818608615e379693b73d6664e6057
SHA1

925c500435abfaa695eecb884144b2fe6c223cc8
SHA256

6c5ae3644a6a78769c2a5d550277d202b0354a15133284189a4b5e5cabfb0a6a
SHA512

0b8bf6645f6305322e69c27a317e2f38839cbb8c91aee3c71aaab33a4ed7ac1b52068088a4ba974d1a2011b2a69d1ad24cb968a7b2d232e5e052a8706fef9cba
SSDEEP

6144:+NIKjrFzuemHiCeCWlbSDvstmMfzKhyAmeD:OIK3FTwUlbwvst5f2kAmeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
421818608615e379693b73d6664e6057_JaffaCakes118

Files

421818608615e379693b73d6664e6057_JaffaCakes118
.exe windows:6 windows x86 arch:x86

5b41364438ad560b239c570be188d04c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

version

VerQueryValueW

ws2_32

inet_ntoa

ntdll

RtlUnwind

advapi32

FreeSid

ole32

CoTaskMemFree

oleaut32

SysStringLen

wininet

FtpOpenFileW

winhttp

WinHttpOpen

rpcrt4

UuidIsNil

cabinet

ord20

dnsapi

DnsFree

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.MPRESS1
Size: 241KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE