da979351114637b3dbb325349b6e3430_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da979351114637b3dbb325349b6e3430_JaffaCakes118
Size

245KB
MD5

da979351114637b3dbb325349b6e3430
SHA1

ae82ae99b8a36c8f9fc07be298a51db2c473abc3
SHA256

53e5b9a8da81086d3ec15aaef495e2634e3284e602a1e0918bd3b0d471027149
SHA512

49ad6cfabbbaea7a3fcd59346d06383549d31b2c77531634b88c5c369104ac7da7d984e3caef77556737295033c337d83c1fb4e33d82ea5a8f3417852cfce9a4
SSDEEP

6144:oSv7GrsSwOqD9x5fvy12FIsXTJ6Rq+hPfcKvKyEVp:7v6rAOCfvyCfHMdiycp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da979351114637b3dbb325349b6e3430_JaffaCakes118

Files

da979351114637b3dbb325349b6e3430_JaffaCakes118
.exe windows:6 windows x86 arch:x86

88eb4c1ddba37798b74444ff8f7c9478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

SelectObject

advapi32

RegCloseKey

wintrust

WinVerifyTrust

shell32

ShellExecuteExW

shlwapi

PathAppendW

Sections

.MPRESS1
Size: 146KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE