Static task
static1
Behavioral task
behavioral1
Sample
d387aab0df32b14e847901dc10da6545_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d387aab0df32b14e847901dc10da6545_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d387aab0df32b14e847901dc10da6545_JaffaCakes118
-
Size
81KB
-
MD5
d387aab0df32b14e847901dc10da6545
-
SHA1
7368a52ae2d5ada7f18570fdeeb5275781789e35
-
SHA256
553b5286d07b3077d7ecc20ea18593d3783d55f898d5a7c38afc7286fea3b3bc
-
SHA512
53c85e23d3d626f530949d301a9e65d85f1a4d07933370858a9e6861cee2ad6bc8c4bdd6f265c753978d1ca0f5604bda43eb4159c16e5e561bb37fdc34a651b0
-
SSDEEP
1536:fzr+9OhsSV/HgleOnjqzTqgA41jODdnY/:7rKOhz/m2Tq01iJnY
Malware Config
Signatures
-
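Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this sample carries none. Many benign executables are unsigned too, so treat this as a weak indicator on its own and weigh it together with the packing evidence under Sections.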
resource d387aab0df32b14e847901dc10da6545_JaffaCakes118
Files
-
d387aab0df32b14e847901dc10da6545_JaffaCakes118.exe windows:6 windows x86 arch:x86
dab541d6d28f3042b8c517f846d6ea58
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
advapi32
FreeSid
msvcrt
exit
certcli
ord223
comdlg32
GetOpenFileNameW
gdi32
GetStockObject
ntdll
RtlUnwind
setupapi
SetupGetIntField
wldap32
ord41
crypt32
CryptMsgClose
ole32
CoInitialize
oleaut32
SysAllocStringByteLen
rpcrt4
UuidCreate
secur32
GetUserNameExW
user32
LoadIconW
wininet
InternetCrackUrlW
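Sections
Note: the section names .MPRESS1 and .MPRESS2 are the defaults written by the MPRESS executable packer. The first section is readable, writable and executable, and its virtual size (220KB) is about three times its size on disk (73KB), which is consistent with code being unpacked in memory at run time. The Imports list above (one function per DLL, plus GetModuleHandleA and GetProcAddress) therefore most likely describes the unpacking stub rather than the payload. Static import analysis and the unlabelled hash under Files should be read with that in mind.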
.MPRESS1 Size: 73KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE