d1fb9cde9065fc92395a57f754ca3637_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1fb9cde9065fc92395a57f754ca3637_JaffaCakes118
Size

37KB
MD5

d1fb9cde9065fc92395a57f754ca3637
SHA1

9396af3e6663b1dd40f10f0b766b7e1730d615a6
SHA256

568260b91cc61b2618fe6a285ddc0963268ac4ceb0bb6d72148bc3a13097db16
SHA512

ad1d9803a08e1386b61e03e8424f0486ccad09559edf484cb2f3ec8a86fbb315e50fc0c39f98a4ba474b8ac532dfed6a8bfae7587e7242dbd48703fa59d17aee
SSDEEP

768:5Pz1U+hPwhbXAK4rHd0xhB24En9huBJNFPltQisqGWwMgdh7Da2:R1U+xwRXMGXohoFjQiPGWBgdI2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1fb9cde9065fc92395a57f754ca3637_JaffaCakes118

Files

d1fb9cde9065fc92395a57f754ca3637_JaffaCakes118
.exe windows:6 windows x86 arch:x86

305a90d0786e691cf08795276783cabb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

EventWrite

user32

QueryDisplayConfig

msvcrt

free

ole32

IIDFromString

devobj

DevObjOpenDeviceInfo

propsys

PSPropertyKeyFromString

dmrc

DMrcInit

xmllite

CreateXmlReader

bcrypt

BCryptHashData

Sections

.MPRESS1
Size: 31KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE