948dd5bca1ca66d495dcd393de97c471_JaffaCakes118 | Triage

Sharing

General

Target

948dd5bca1ca66d495dcd393de97c471_JaffaCakes118
Size

86KB
MD5

948dd5bca1ca66d495dcd393de97c471
SHA1

82f016f8cebac9014ebee0c5488dbd32ca0322fb
SHA256

358a933a47abeee41f748907f188d1adae167afc40d7fdf6c3df50bd375a2271
SHA512

6079ffaa22fd3afca444bccf50d56eedb371d868e876a63d4056622277634a76ff39a4705363e4f23c8e088cef527db549c4b63eab4e01005c23d61ca26bca0e
SSDEEP

1536:/oHOKGj5seyBkeZtKMS92PM6Llnw1z+ZCEe/SefGp4o5FRvEO:/yOhCeyBkMpPMonw1zZxu5gO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
948dd5bca1ca66d495dcd393de97c471_JaffaCakes118

Files

948dd5bca1ca66d495dcd393de97c471_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f2fe8726b48d92fbe6926b80382c2ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextW

advapi32

CopySid

shell32

SHGetKnownFolderPath

ole32

CoCreateGuid

oleaut32

VarUI4FromStr

shlwapi

PathCombineW

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory

Sections

.MPRESS1
Size: 78KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE