91538a128425685519221b0589814bfc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

91538a128425685519221b0589814bfc_JaffaCakes118
Size

32KB
MD5

91538a128425685519221b0589814bfc
SHA1

294df452a6d26a9471bd590ebfdb81c5abdf1f76
SHA256

e18c24b937d2d55dd4ca9b1180ff33504e180edf4d5e7a746c777ca49774ab48
SHA512

a7e330cd7dec3db38d28b514471404cb53f37d2efd4671f91b89bf30d6af04ac5aa2b3949904af88a133e35683f1649ba514b32e022f1a1351a03995d508471a
SSDEEP

768:a6Un5+aMqveAMwIkT5ReU4bwHo4a07DDK:a6AdMpAMw754KuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91538a128425685519221b0589814bfc_JaffaCakes118

Files

91538a128425685519221b0589814bfc_JaffaCakes118
.exe windows:6 windows x86 arch:x86

bb4ca4dd4b49a28cefff8c77a1512be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

user32

SetTimer

msvcrt

exit

shell32

ord190

ole32

CoTaskMemFree

ieadvpack

ExecuteCabW

version

VerQueryValueW

shlwapi

ord388

iertutil

ord650

oleacc

AccessibleObjectFromEvent

oleaut32

VariantInit

Sections

.MPRESS1
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE