65b155a44931d6311413452cfc268ea4_JaffaCakes118 | Triage

Sharing

General

Target

65b155a44931d6311413452cfc268ea4_JaffaCakes118
Size

39KB
MD5

65b155a44931d6311413452cfc268ea4
SHA1

6c148f49fc3ab92653b65fe57dbaf27106a02f69
SHA256

9343bcfa58fe0b9922d49181228631923f3b73059e645b64577bd256995d98ea
SHA512

2310c2873a089417ec7fea9ae295bd59fcdc766e635928231f66734378c2a9dad61c7c730ec15c9da41e304b3b5b3a2592b26f016d89640f8912046e5d6c64db
SSDEEP

768:YKk14kJiy7l9TPB325XJz9Wa1YpxGzVAJw9+8R8yfNksAs5Tus+bqF57DlXT:jlkJi8TPs5XJz71Y+Rk+rRoJs/+bqFvj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
65b155a44931d6311413452cfc268ea4_JaffaCakes118

Files

65b155a44931d6311413452cfc268ea4_JaffaCakes118
.exe windows:6 windows x86 arch:x86

cc8df88fa9e0b863ff95411d6591cde4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

OpenServiceA

Sections

.MPRESS1
Size: 32KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE