Static task
static1
Behavioral task
behavioral1
Sample
4d6371bc8cf8afd6faa2d94244dd86a7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4d6371bc8cf8afd6faa2d94244dd86a7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: 4d6371bc8cf8afd6faa2d94244dd86a7_JaffaCakes118
Size: 145KB
MD5: 4d6371bc8cf8afd6faa2d94244dd86a7
SHA1: ed9130744f496e95032cbaaadb20c6ea5300b924
SHA256: 81b7dc37b03a94b19bc05fbace0a906ce72d2e360ec4f8093bd65909c26f0f6d
SHA512: b62edf8e53db1fcd8a3a5d7c3ebd290325d1324e47a743e49ad288177ed297504ddf83d8afe6be00564cb2dd902838eec866e082e7453d962475b64a2105dc04
SSDEEP: 3072:s7MJtV3TZVi7VvKueB2d3/HbKJbDdhIbSFlm9hIuR83Sh+Vyl4:TP3T3i7xPeB2x7KJbAalm96uRHsO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4d6371bc8cf8afd6faa2d94244dd86a7_JaffaCakes118
Files
4d6371bc8cf8afd6faa2d94244dd86a7_JaffaCakes118.exe windows:4 windows x86 arch:x86
283e19ddea5961b12283e2a19f403867
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
wsprintfW
gdi32
EndDoc
winspool.drv
ord204
advapi32
FreeSid
shell32
ShellExecuteW
ole32
OleRun
oleaut32
GetErrorInfo
shlwapi
StrCmpIW
userenv
CreateEnvironmentBlock
version
VerQueryValueW
psapi
EnumProcesses
setupapi
SetupCloseInfFile
urlmon
URLDownloadToFileW
wininet
DeleteUrlCacheEntryW
Sections
.MPRESS1 Size: 140KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE