Static task
static1
Behavioral task
behavioral1
Sample
729aacfe789906470fd0967a469b59ef_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
729aacfe789906470fd0967a469b59ef_JaffaCakes118
-
Size
272KB
-
MD5
729aacfe789906470fd0967a469b59ef
-
SHA1
c430507cd3c2ed847b906b291b867d1e2e5631cf
-
SHA256
e2ec5d59f0070fcbca0e95014663097e42b71a841ebace55e682d9c3bf28b958
-
SHA512
f73978a826194d9480cedf6984e02a0acff51a5d30b37e999ecd02a773bceeba3545d4988f54d6e37b7a16a41b628166494dbe73611f83466d1ed0ae29542493
-
SSDEEP
1536:h7slKSeH8C30Ylb2sqy/hetseAi1dtGZVC6TUSzD+FkPHJIgHf1:h7UegeygjG1mDUSfsUHJIgHf1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
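Flags PE files that carry no Authenticode signature; without one, the file's publisher and integrity cannot be verified cryptographically. Many legitimate programs are also unsigned, so treat this as a weak indicator on its own.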
resource 729aacfe789906470fd0967a469b59ef_JaffaCakes118
Files
-
729aacfe789906470fd0967a469b59ef_JaffaCakes118.exe windows:10 windows x86 arch:x86
bd7ac50d3f9a866b5438177bcadbac02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
advapi32
RegCloseKey
gdi32
BitBlt
user32
GetDC
msvcrt
rand
ole32
CoTaskMemFree
oleaut32
LoadRegTypeLi
shell32
CommandLineToArgvW
iertutil
ord792
mshtml
GetWebPlatformObject
urlmon
RegisterWebPlatformPermanentSecurityManager
oleacc
ObjectFromLresult
shlwapi
PathGetCharTypeW
Sections
.MPRESS1 Size: 74KB - Virtual size: 428KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 194KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE