d72c1882b102a7f4d6655f98d2b52bfe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d72c1882b102a7f4d6655f98d2b52bfe_JaffaCakes118
Size

37KB
MD5

d72c1882b102a7f4d6655f98d2b52bfe
SHA1

84ce57bddffca61f67f0d7be026dd659f92896a8
SHA256

699f6ee92d9b9b95d2d8e7670cda231eb47cb6cd2468a005f21bdeb1a434132d
SHA512

212defef01197ad0fbf9c7dc15a1e177b9f00f81934cbf30b9cec7adaba98784c0ed39203c38a91281b886ada2ef2d782971fb980df2348792237f2ada7949ed
SSDEEP

768:AyNrTlHJ/b4apdThsG1breo/PfGWjl8BIjJ09hBH8+7D9/:AArRHJj4qThsueoXeWjleee9Dcq/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d72c1882b102a7f4d6655f98d2b52bfe_JaffaCakes118

Files

d72c1882b102a7f4d6655f98d2b52bfe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71b060be7c05cc0796289db77d51ce61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrIA

user32

wvsprintfA

advapi32

RegCloseKey

shell32

DoEnvironmentSubstA

Sections

.MPRESS1
Size: 32KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE