a568e731d79bcd1e6ffd344ed76d736b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a568e731d79bcd1e6ffd344ed76d736b_JaffaCakes118
Size

111KB
MD5

a568e731d79bcd1e6ffd344ed76d736b
SHA1

b2daafca9b033fd8cd124c776c94016607a24fa3
SHA256

048b61624381a819c3c5aac8e4d1bd47f5253450e515e5b3104e357117bb4b29
SHA512

8c1596a456bd99ba49639ffd32876c07fe9df7c059f7d12e326094388392efd47e3a8146fb618d8419bbeab948c6d6048be0da5b87f9134db7f949747cd236c8
SSDEEP

3072:rueZpVyYbToHXP7Ww8rVcTDWSSZDwfWZoeFR:rukaXPDESPSRwfwn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a568e731d79bcd1e6ffd344ed76d736b_JaffaCakes118

Files

a568e731d79bcd1e6ffd344ed76d736b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

586ad98daae4ae207986f47a3716b9b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

netapi32

Netbios

wsock32

WSAStartup

shell32

ShellExecuteA

user32

wsprintfA

ole32

CoInitialize

shlwapi

PathGetArgsA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.MPRESS1
Size: 82KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

igcnrwm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE