35744c4f305e593443c087d23dad7c50_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35744c4f305e593443c087d23dad7c50_JaffaCakes118
Size

76KB
MD5

35744c4f305e593443c087d23dad7c50
SHA1

9df5cdc5f46e44e5fdcc2b803f4fea16cfceabb4
SHA256

eaa99fb2d7f8ca830090d7eec89a66759bc3ba28374b9f4c2925a0a529b2833a
SHA512

cca0b07299dbf87153d66eb685d7d0e2b917372efb55a1f53729ddd80fe76cdb87abf965d8680a9ce21b7bf79d23e9acef318d749b40d11bd5d8559453175ff5
SSDEEP

1536:ds9oxndn2UubS8ove518n1yrD2ovb3qF5NrYZzMtljJ:XnQhSjW518IX2+0brJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35744c4f305e593443c087d23dad7c50_JaffaCakes118

Files

35744c4f305e593443c087d23dad7c50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ae636748d67a75f65dd80291d551472

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

PropertyLengthAsVariant

kernel32

ActivateActCtx

advapi32

I_ScGetCurrentGroupStateW

rpcrt4

CreateProxyFromTypeInfo

msvcrt

??0__non_rtti_object@@QAE@ABV0@@Z

Sections

.text
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.temp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE