4e38a3aa734865071f4edcdd5775be83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e38a3aa734865071f4edcdd5775be83_JaffaCakes118
Size

36KB
MD5

4e38a3aa734865071f4edcdd5775be83
SHA1

f9580c3e42e44509b489f6508a4361bab5441fcd
SHA256

94fcac614053ae8e8b8ee252916ae82f2cb4b1743ac2af8aeb316d680d67fb1b
SHA512

0b97d63f0902dc37e9e6349fb26c83ca6e03d7817fa0a17d461648b43be68efca1eafd6a72329fa0b02f4cef1164df73c20d592db83aaa9e5bc6828c80f2f5f3
SSDEEP

768:RZfOWJJAAiLfUkx2IM4fYwXC6HaYX8eCEdQHh907Q7DaG:Pr1ix2+fYyH3mEKHv01G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e38a3aa734865071f4edcdd5775be83_JaffaCakes118

Files

4e38a3aa734865071f4edcdd5775be83_JaffaCakes118
.exe windows:10 windows x86 arch:x86

59c724a57fa4d2dfb57766dde1a57b2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

msvcrt

exit

user32

wsprintfW

ntdll

RtlVerifyVersionInfo

version

VerQueryValueW

mpr

WNetGetLastErrorW

oleaut32

VariantClear

ws2_32

WSAGetLastError

framedynos

??0CHString@@QAE@XZ

dbghelp

EnumerateLoadedModulesW64

shlwapi

StrStrW

api-ms-win-core-com-l1-1-0

CoTaskMemFree

sspicli

GetUserNameExW

srvcli

NetServerGetInfo

netutils

NetApiBufferFree

Sections

.MPRESS1
Size: 29KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE