46cd5aca0b696b8bfa4f4ca5d08c252c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46cd5aca0b696b8bfa4f4ca5d08c252c_JaffaCakes118
Size

224KB
MD5

46cd5aca0b696b8bfa4f4ca5d08c252c
SHA1

879c1b62a736cae26005ac401921d54db0d4175e
SHA256

f5b850c5de3e093f91d68e58f817cec398e65c24811bca3163a83918d80f25c7
SHA512

d81ee825cd4639b2df88df8c585427549ff8f0f0f14b3462e25b981f5f1356016f30791dd03087d241d085ad88cf1c6c397189edba3b0b13a758db6224a63bae
SSDEEP

3072:v2IeQMus0RVhyblrQoMvosozTH8+w6xGrVmzOwdI:v2/QMruhyhP4oRzTH8+w6uu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46cd5aca0b696b8bfa4f4ca5d08c252c_JaffaCakes118

Files

46cd5aca0b696b8bfa4f4ca5d08c252c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

40c7acffe694ea517b19d17198104c8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ws2_32

closesocket

wtsapi32

WTSQueryUserToken

version

VerQueryValueW

advapi32

RegCloseKey

shell32

SHGetFolderPathW

msvcp120

_Strxfrm

netapi32

NetWkstaGetInfo

msvcr120

exit

Sections

.MPRESS1
Size: 83KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE