8551d864445023d489136d1f2facb99b_JaffaCakes118 | Triage

Sharing

General

Target

8551d864445023d489136d1f2facb99b_JaffaCakes118
Size

24KB
MD5

8551d864445023d489136d1f2facb99b
SHA1

a3e8eebe88f5f252d7ac0741d07b9d5687d26316
SHA256

703c934063316735890ab6b3f4450365596f7e82075fbf5bafb381c1f2a25ff1
SHA512

34d73c0c81ff926501180de6e5b0a84a147ffc89c376b2fc1f0cff7621cccc788ea2b5c1709a1c8ac155e776b4643bce1495248158f04bc3347a913410b48939
SSDEEP

384:OZldjg4BYFCVcwpg99U3lWsAI5KlE6BLfvHHs4PYZXEEJF93m+Y9kxOJrw7vvxld:0lVg4BYFCV1+9W3l7tKllrHsyY1E1+Tj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8551d864445023d489136d1f2facb99b_JaffaCakes118

Files

8551d864445023d489136d1f2facb99b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3595eb7b3fef955e620bbb93a1452e40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdiplus

GdiplusStartup

advapi32

TraceEvent

shell32

CommandLineToArgvW

ole32

OleRun

oleaut32

SysFreeString

msvcp100

?_Xlength_error@std@@YAXPBD@Z

msvcr100

free

Sections

.MPRESS1
Size: 16KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE