b549bad76c2da00686bcf6abf54c9525_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b549bad76c2da00686bcf6abf54c9525_JaffaCakes118
Size

116KB
MD5

b549bad76c2da00686bcf6abf54c9525
SHA1

7a6822f28f93bcbfe4233b6585f4331a87cf4cf5
SHA256

7fe953b2aae1a85d640e8425fa79c4a8ba11a61b4945cb34520a97fb4d7961dd
SHA512

6cd2f25c1224268c73db2c875394c727bb345462a856804f9bc1b923727901476742e8d5d15cfc5771c5702ddede31d45583dafab9db2ea1ed72822bb24e0d01
SSDEEP

3072:j915Qu+5UIMGaV7fdXZD7np/UE2WlrxQoZ:j9rRWIGaRNJTpUclPZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b549bad76c2da00686bcf6abf54c9525_JaffaCakes118

Files

b549bad76c2da00686bcf6abf54c9525_JaffaCakes118
.exe windows:5 windows x86 arch:x86

340a8777df2fb0cd9645783b8f439539

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

libintl-8

libintl_gettext

libpq

ord71

advapi32

AddAce

msvcr120

puts

Sections

.MPRESS1
Size: 88KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE