6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118 | Triage

Sharing

General

Target

6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118
Size

75KB
MD5

6975fd2d7c28b3c63c18f356304d4fa2
SHA1

81645a1772bfc616e92e29f459b3c956219946e5
SHA256

ed5b7ba61d9bfff0655e4526b89555e0736ed928f679be7930ea980332af578b
SHA512

92f409b969ca4f3bc23ebbcf8b0905ec274ec9a77a36d1c09531b92e6d67d26a1c2d5d756ffe40223d329ff8ab0a2c96c438a937801a7bf58daea38c681657c3
SSDEEP

1536:k5EBiW9l+5L4jtuPsnRgfLKVsXTnCYWSR1lXaFYILTC8G1Ri:27QQ5wtVnGfLKeESR1lXhd8GK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118

Files

6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

94cf7e2895533f0b35aa949644f0d96b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

comctl32

ord17

gdi32

SaveDC

oleaut32

SysFreeString

shell32

ExtractIconExA

user32

GetDC

version

VerQueryValueA

wininet

InternetOpenA

Sections

.MPRESS1
Size: 70KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE