92000c32dd5777592cc9bd959323eb91_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

92000c32dd5777592cc9bd959323eb91_JaffaCakes118
Size

107KB
MD5

92000c32dd5777592cc9bd959323eb91
SHA1

3a82fe163aa22661d1077213cd8450e40ec41aed
SHA256

1e011344a4e25324a64bda5bce6d1e9a5545874238f31b75970ca3383b8f223e
SHA512

bd5cd9719f72dbf60661625782dc8e05cc986083c226c03121a58b483120f904c7f867aa6357717a18567faee9c20e3a3b9bcace195685226faefb7cb83afc77
SSDEEP

768:QoCv3hFe00TgIitgzt7DZbp15HCUAyJi7FIlC5khoVf0NBnN7KQ8wfe3QShkRoe:hO3jWiM15HuyO/f03nLh54+TnxLQ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92000c32dd5777592cc9bd959323eb91_JaffaCakes118

Files

92000c32dd5777592cc9bd959323eb91_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0a801dc9727f248e1846d7e3766df24e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

freecadgui

?runApplication@Application@Gui@@SAXXZ

freecadapp

?destruct@Application@App@@SAXXZ

freecadbase

??1StackWalker@@UAE@XZ

python27

Py_GetPath

msvcr90

exit

msvcp90

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

qtgui4

??1QApplication@@UAE@XZ

qtcore4

?qFree@@YAXPAX@Z

Sections

.MPRESS1
Size: 11KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE