b4ea1b50b549140502a4dfc4c7b5a5e8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4ea1b50b549140502a4dfc4c7b5a5e8_JaffaCakes118
Size

12KB
MD5

b4ea1b50b549140502a4dfc4c7b5a5e8
SHA1

b942994229ee75fe64318eb52ab6dc38e2864ffb
SHA256

aec6381aafc301d18f5d355c9c3271400cf65f84e5b4b953a022092226706844
SHA512

1f3f924fb140fa3249f98d1a0063af46d89a3870ddfedda4b6eabc84059f40ecb246d1f74ecbe9f7f95c3a47b40cf1e4ce1d04569a4bc1d90a0ba8e709c97f0b
SSDEEP

384:4X7ts3c/3culaZTZRtXvVoIHlvFcYpLW+ohWs:4yyMu2ZRtXvVoIFvCPH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4ea1b50b549140502a4dfc4c7b5a5e8_JaffaCakes118

Files

b4ea1b50b549140502a4dfc4c7b5a5e8_JaffaCakes118
.exe windows:6 windows x86 arch:x86

dfb99a320dede9b000a87497216a5de9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

ole32

CoTaskMemFree

oleaut32

SysAllocString

advapi32

RegisterEventSourceW

user32

LoadStringW

Exports

Exports

??0CTcpMib@@QAE@ABV0@@Z
??0CTcpMib@@QAE@XZ
??1CTcpMib@@UAE@XZ
??4CTcpMib@@QAEAAV0@ABV0@@Z
??_7CTcpMib@@6B@

Sections

.MPRESS1
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE