4c1a3ca2951a69fc2846b937c660b3b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c1a3ca2951a69fc2846b937c660b3b3_JaffaCakes118
Size

13KB
MD5

4c1a3ca2951a69fc2846b937c660b3b3
SHA1

8c93c49dd707c94c846213acdfded74ad9510c6f
SHA256

59b207b620d02b42fbde380bce2c63503112aab71a20943115a434c3d7b9c09e
SHA512

161232df365d8a86ac9d6d53200bf569d46f5b3f9c4f238870cb37b2731e099e9cafb961ec3c2d352a5c2374dbf779dac6a3adf4290ec89a4851269203de7207
SSDEEP

192:vFsgtG7X1m1q3Z4EMNnocaDYAon2q+GQfqX2rOJqA1pYpIW7gWgukm:vFZcz9ztonZfX2ru1pYpIW7gWy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c1a3ca2951a69fc2846b937c660b3b3_JaffaCakes118

Files

4c1a3ca2951a69fc2846b937c660b3b3_JaffaCakes118
.exe windows:10 windows x86 arch:x86

ebb6b51f1ebe41662753ea9eb002b6f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

msvcrt

exit

apphelp

SdbFindNextTag

user32

LoadStringW

shell32

ord680

ntdll

NtDeleteKey

Sections

.MPRESS1
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE