506bd082680c45a638788e0036a4561c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

506bd082680c45a638788e0036a4561c_JaffaCakes118
Size

311KB
MD5

506bd082680c45a638788e0036a4561c
SHA1

0fa79baa809b0528242f25bcc0a5947ae401cfa8
SHA256

7d68847b63240327e4a0996eb0d2dad84806aeadb9f1bcd418e19775e2911d5b
SHA512

60f29dba7112b6767baa35a18adfaac17e953c8a40ee488dac18d770dbe2c872466ce5139207fae5b262b0e64d7b6aba99b00525814662fc101c6b96461fa67e
SSDEEP

6144:AtrWn72mE2pfwBWE356fYqlw31y3HHEht9jDF/WAh:AtrW762puWK6wFQHHqnjJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
506bd082680c45a638788e0036a4561c_JaffaCakes118

Files

506bd082680c45a638788e0036a4561c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a812788d92b9e8a40e2609bef6d3c10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

jswscimd

CreateImdMain

jswscsup

CreateSupplicantMain

user32

GetDC

gdi32

ArcTo

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

advapi32

CopySid

shell32

ExtractIconW

shlwapi

PathIsUNCW

ole32

ReadClassStg

oleaut32

VarDecFromStr

version

VerQueryValueW

Sections

.MPRESS1
Size: 262KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE