cdc7dc0fd5675620eb6239a09065821d_JaffaCakes118 | Triage

Sharing

General

Target

cdc7dc0fd5675620eb6239a09065821d_JaffaCakes118
Size

457KB
MD5

cdc7dc0fd5675620eb6239a09065821d
SHA1

87543bbf2e919972b27aefbb9f209c765e00ab6d
SHA256

6c5fa1c0a0c3860b2775ed00c52a2959173d04b597528a1f876bc057d417cb45
SHA512

a022708f3538e15a024ac421a7c85474aa2f68404b7a68e95936b6eecba18847b6032f0b7bb65f3d37c8fda9539c9e20540ea04431ab1847237f426861e97a33
SSDEEP

6144:3huTlwinUnUYTtp6g6ePQcWqXU/i4zo2Tgq3XWgXrCr7tq5UQM:3hkZnUnUYTP6fghW6B4U2M6f+FQM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdc7dc0fd5675620eb6239a09065821d_JaffaCakes118

Files

cdc7dc0fd5675620eb6239a09065821d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bc6d1cb51962785b0dbcd4710486628e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

herklLEGHKWR#;3kl.pdb

Imports

advapi32

QueryUsersOnEncryptedFile

msi

ord30

gdi32

CreateBrushIndirect

kernel32

DeactivateActCtx
GetModuleHandleA
SetSystemFileCacheSize
IsWow64Process

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ