Static task: static1
Behavioral task: behavioral1
  Sample: 89cd196dfb77b5fded04968cd93fa61b_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 89cd196dfb77b5fded04968cd93fa61b_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 89cd196dfb77b5fded04968cd93fa61b_JaffaCakes118
Size: 61KB
MD5: 89cd196dfb77b5fded04968cd93fa61b
SHA1: 7943bc0ac4c3ee9fdb23da57604408d6c4e32126
SHA256: d321ca02bd74ae59de3499826f0ffda90e712b48fcbfa5a88c46c4e7958da4c8
SHA512: 1f696c8246877b8fda830e5646287877e0a7fb307466454dd03c30d4030b5dfaffd2bf7c9aec794182167472fa0a678b501679be4844cff2b921eadaaf5a0caf
SSDEEP: 1536:v6y1bDhOq0xILQGpSIiI3ep7/Kx3u4coDfl:v6kD8fxo9pL27/Lor
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 89cd196dfb77b5fded04968cd93fa61b_JaffaCakes118
Files
89cd196dfb77b5fded04968cd93fa61b_JaffaCakes118.exe windows:6 windows x86 arch:x86
32cad88c4478e9903749558a51be749e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
advapi32: AddAce
user32: IsWindow
msvcrt: free
shell32: FindExecutableW
ole32: CoCancelCall
oleaut32: SysFreeString
shlwapi: PathIsPrefixW
rpcrt4: UuidCreateNil
ntdll: NtSetInformationProcess
secur32: GetUserNameExW
xmllite: CreateXmlReader
mpr: WNetGetConnectionW
Sections
.MPRESS1 Size: 55KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE