4a0e6b4cf46fbd9527654db34c3617d4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a0e6b4cf46fbd9527654db34c3617d4_JaffaCakes118
Size

77KB
MD5

4a0e6b4cf46fbd9527654db34c3617d4
SHA1

034aae332f75cd3893029b874b7e9d34d72d8ce5
SHA256

f2f7668f59676dfd71aeb8b96be2c66495d2363f55ea87437ca68def4f87a338
SHA512

4bce7ef49c1bbf312cefa9b75f89d990e8e720e50bc6fa50bced6df06920f728d124102cfe74157c392c0a4035ba92c9f3ee80ca95179bb51777abb2eb651276
SSDEEP

1536:V3uED/vmNnoegDh3XPEguEt58bB6Q8EinoA9yKZgedwxtDa3UQIYII4R+WPg8:sGeGPE6tSdmYSyAmD7QKI4RG8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a0e6b4cf46fbd9527654db34c3617d4_JaffaCakes118

Files

4a0e6b4cf46fbd9527654db34c3617d4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a21f151ed099074faa449b763f226694

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIA
PathQuoteSpacesW

ole32

UtGetDvtd16Info
OleUninitialize
HENHMETAFILE_UserUnmarshal
StgOpenStorageOnILockBytes

advapi32

SetTraceCallback
RegisterServiceCtrlHandlerW

kernel32

VirtualProtect
GlobalFindAtomA
lstrcpyW
ConvertDefaultLocale
GetDiskFreeSpaceW
SetComputerNameW
QueryDosDeviceA

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ