Static task
static1
Behavioral task
behavioral1
Sample
512c59d509147ece1867137d2f71fee6_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
512c59d509147ece1867137d2f71fee6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
512c59d509147ece1867137d2f71fee6_JaffaCakes118
-
Size
83KB
-
MD5
512c59d509147ece1867137d2f71fee6
-
SHA1
de9ecbfa45d712a59a64e6f4bdf30d48ada1166f
-
SHA256
5c6fd281fc309fbd087f575a30ea4a6f980455b625e5deadee254defbd54ffd9
-
SHA512
cafbfab38d93c1d64c257a6e1296cc1e0b0ed5e0d1316599c4f0e0fdac07a8f543e7c54e2f39a6a40652d36e664c2cc3620292f29c965aeffd84c98742d3846d
-
SSDEEP
1536:QyBkR/uI+z7KQdqjsk3lb1TzorOTXPblawzm78ed//29cuW:QmaWX1ZkPHoAZze7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature, so neither its publisher nor its integrity can be verified from a signature.
resource 512c59d509147ece1867137d2f71fee6_JaffaCakes118
Files
-
512c59d509147ece1867137d2f71fee6_JaffaCakes118.exe windows:5 windows x86 arch:x86
60dcedd56a41bd718cf0b06f6b84c0a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
mfc90
ord1668
msvcr90
exit
user32
GetDC
gdi32
BitBlt
msimg32
AlphaBlend
shell32
ShellExecuteA
comctl32
_TrackMouseEvent
shlwapi
PathIsURLA
ole32
CoInitialize
oleaut32
SystemTimeToVariantTime
wsock32
WSAGetLastError
gdiplus
GdipFree
msvcp90
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
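Sections (the .MPRESS1/.MPRESS2 names, the writable and executable code sections, and a virtual size well above the raw size are consistent with an MPRESS-packed file, so the import list above likely reflects only the unpacking stub rather than the payload's real imports)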
.MPRESS1 Size: 53KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE