Static task
static1
Behavioral task
behavioral1
Sample
dfecd9d82090cd573eecb4ed8b783629_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dfecd9d82090cd573eecb4ed8b783629_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
dfecd9d82090cd573eecb4ed8b783629_JaffaCakes118
-
Size
147KB
-
MD5
dfecd9d82090cd573eecb4ed8b783629
-
SHA1
6fe3cb5dda982c1f7a7661b3813edc743c29268c
-
SHA256
115d7b0e59c1d1046017116bf33b7cfd355e11ce6a7480f9bf79c830e61a4fbe
-
SHA512
ba320a3f67c802b0d7efdef7f82d08c0bc10f592a47f1126e43cb12d2848948dd04ed7e2fe5806dcab03c72ad6f0f2ad4c1722ef21180f32cf0f019ee2d14ff4
-
SSDEEP
3072:vvksvmibqPmPaabB0abQ5NabzTU/gSTKhdkoq/Oor2Yj+TYI:v6imPmDB055NabuLedkd5S0I
Malware Config
Signatures
-
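Unsigned PE (1 IoC)
The file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate executables are also unsigned; weigh it together with the other static and behavioral findings.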
resource dfecd9d82090cd573eecb4ed8b783629_JaffaCakes118
Files
-
dfecd9d82090cd573eecb4ed8b783629_JaffaCakes118.exe windows:5 windows x86 arch:x86
5b16146fb259a8f053c9a17385b1e229
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
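Imports
Note: only one or two functions are listed per DLL, alongside GetModuleHandleA and GetProcAddress. That pattern is typical of a packed executable that resolves its remaining APIs at run time, so this list likely understates what the unpacked code can call.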
kernel32
GetModuleHandleA
GetProcAddress
advapi32
RegCloseKey
user32
IsWindow
oleaut32
SysFreeString
gdi32
DeleteDC
shell32
ShellExecuteExW
ole32
CoInitialize
cabinet
ord20
crypt32
CryptHashPublicKeyInfo
msi
ord118
rpcrt4
UuidCreate
wininet
InternetOpenW
wintrust
WinVerifyTrust
version
VerQueryValueW
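Sections
Note: the section names .MPRESS1 and .MPRESS2 are the ones written by the MPRESS executable packer. Both are flagged readable, writable and executable, and .MPRESS1 is much larger in memory (412KB) than on disk (123KB), which is consistent with code that is decompressed in place at load time. Static strings, imports and signatures taken from this image describe the packer stub rather than the payload; analyze the unpacked image or a memory dump for those.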
.MPRESS1 Size: 123KB - Virtual size: 412KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE