5e723cfb42b82ce9ac71ad00c1388710_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e723cfb42b82ce9ac71ad00c1388710_JaffaCakes118
Size

36KB
MD5

5e723cfb42b82ce9ac71ad00c1388710
SHA1

f864cf3ff31214d63bbb12f4f24954604958e414
SHA256

fa94ca21d5b64d1f62f221562298607f54af3258253919311929987ecc878405
SHA512

bbb679a3b4eca7ed0dcfcec1453dd0a28f1d5469bf437b3a4399a8ae906eaf4f105d85290cfc7f95e61b8cee7ba2ef31029e2d1153b7c9c1ebc50ea4c0404cda
SSDEEP

768:lFT1aGvQMfTDoZj31pXcs1CX6e65AB0dBPDnzF:7vkj31hTCKeqASdBPDzF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e723cfb42b82ce9ac71ad00c1388710_JaffaCakes118

Files

5e723cfb42b82ce9ac71ad00c1388710_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b08d64e55c59919b7582d7c4da3b519

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

qtcore4

?connectNotify@QObject@@MAEXPBD@Z

qtgui4

??1QWidget@@UAE@XZ

hpqswu

??1CScheduler@@UAE@XZ

user32

EndPaint

gdi32

BitBlt

shell32

ShellExecuteW

gdiplus

GdiplusStartup

msvcr80

exit

Sections

.MPRESS1
Size: 7KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE