5e57f1f3ac59f59e7c3a0013bf03f979_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e57f1f3ac59f59e7c3a0013bf03f979_JaffaCakes118
Size

695KB
MD5

5e57f1f3ac59f59e7c3a0013bf03f979
SHA1

eada470b04787976660771c3a3869dc2815d181d
SHA256

e9290f28fc974d4cacca56b3f286f4c55bdfc27007cd63e78fcf8cb9a0b4219e
SHA512

c30e576f2d59ebe07ea618552c2b2217bb44c392ceef2e0205e3d31209681f71f934734c9530770d29d24cf442fad5390c894d84b281c575136714fc499fe8cb
SSDEEP

12288:eu9G6DMzTMMHMMMiqMMZMMMiAR9bzVvSMMMlMMMJ8MMMHMMMUMMZMMMuIiMMzMMy:eqGLHMMHMMMtMMZMMMhzbZvSMMMlMMM2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e57f1f3ac59f59e7c3a0013bf03f979_JaffaCakes118

Files

5e57f1f3ac59f59e7c3a0013bf03f979_JaffaCakes118
.exe windows:10 windows x86 arch:x86

cd7383eca6b719170f150ff065731edc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

FindWindowExW

msvcrt

free

api-ms-win-downlevel-advapi32-l1-1-0

EventWrite

advapi32

EventWriteEx

iertutil

ord797

api-ms-win-downlevel-shlwapi-l1-1-0

StrStrIW

api-ms-win-downlevel-ole32-l1-1-0

CoCreateGuid

Sections

.MPRESS1
Size: 34KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE