b1e6686d49db520bcf79d142c292da7e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1e6686d49db520bcf79d142c292da7e_JaffaCakes118
Size

25KB
MD5

b1e6686d49db520bcf79d142c292da7e
SHA1

ea8745f2691dfe9bb5179486fbb763f8ae06a767
SHA256

7a0e29f289c83359e7899a41afab82782d919db00d9a1933fd3708a588938b2f
SHA512

7d03673f8425187d90d5ed74ea02ff525d8fdcdc4c10944e99e2d1e680c2c221f48b23424df231609d842819e42a78a341d6d14a354b49608e4a59913fa147b1
SSDEEP

384:76ZneM4GP3W6R5M4u7HVmVujASeV9yKxc5ZEfHF6w:m54KW6R53upmVujfWyZ2HF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1e6686d49db520bcf79d142c292da7e_JaffaCakes118

Files

b1e6686d49db520bcf79d142c292da7e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d6d8d65731e980cf9d2b19ac646a6701

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceA

rpcrt4

CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllRegisterProxy
NdrOleAllocate
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrDllUnregisterProxy
NdrOleFree
CStdStubBuffer_QueryInterface
NdrStubCall2
IUnknown_Release_Proxy
NdrDllCanUnloadNow
NdrStubForwardingFunction
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer_Release
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported

ntdll

NtAllocateVirtualMemory

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

Sleep

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ