e37e9301316e68d379f7da55037f19e7_JaffaCakes118 | Triage

Sharing

General

Target

e37e9301316e68d379f7da55037f19e7_JaffaCakes118
Size

458KB
MD5

e37e9301316e68d379f7da55037f19e7
SHA1

8fc17b88fd5f2df6c33b420b44d495c4dc2eff19
SHA256

6e1beeca97fd9f3fc3bb6007aa56ca99503e2564da3fb4d70b4420794af06810
SHA512

9cac90e8e45ff25dbc9ec0d80712f66aae1ca4bae79069ff460f0654dca2ae1b3aac6812d80d315d04c564fe713bcff4e8f796e466091cfd676a33cfd3171601
SSDEEP

3072:BbgGwgZ3AmoU3FakRbkJoqxQgYUaDdZWhDdloHljiu92ePsaT2pOfKWkY+hYDQ6/:BlwOvomak6yP/jZslw5kaTwfLX6x6TM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e37e9301316e68d379f7da55037f19e7_JaffaCakes118

Files

e37e9301316e68d379f7da55037f19e7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7b3e6765df0ca18fc8faec27537e7901

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

herklLEGHKWR#;3kl.pdb

Imports

msi

ord30

gdi32

CreateBrushIndirect

kernel32

GetModuleHandleA
SetSystemFileCacheSize
IsWow64Process
DeactivateActCtx

advapi32

QueryUsersOnEncryptedFile

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ