af8b281720a368e76e405c6f1a4c3a49_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af8b281720a368e76e405c6f1a4c3a49_JaffaCakes118
Size

62KB
MD5

af8b281720a368e76e405c6f1a4c3a49
SHA1

3d88487fb809978aadcdee2174baa52af868eabf
SHA256

1b53aa6f7117c4bfdc820026b91c6fe0e3d4fd7d322dc5163d2fe6e76d3db14b
SHA512

c37ee642f5de2ac62e677ae49283f53b725f61211b88145637f8399d61071c2158a3dc6e156dd82d4b25be1b81d65ddad39ec0a097bd0f35742333c09daf860c
SSDEEP

768:sel1KWT0NJoKWuriAXCY7iVhhxwh78jFgKIy5gxgQHb7DpWx33n68EwPES4e:sel10NJy87i9xwl0HIy5ygQgn1bPEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af8b281720a368e76e405c6f1a4c3a49_JaffaCakes118

Files

af8b281720a368e76e405c6f1a4c3a49_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da2a818cf16a4ce2cdd64b67a5aed8a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

PathFileExistsA

user32

wsprintfA

shell32

ShellExecuteExA

Sections

.MPRESS1
Size: 33KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE