e8b7351b9954c75a1da356108268a045_JaffaCakes118 | Triage

Sharing

General

Target

e8b7351b9954c75a1da356108268a045_JaffaCakes118
Size

457KB
MD5

e8b7351b9954c75a1da356108268a045
SHA1

b8f25c67f5fba04d38716b0ed13e61e6b4ec3e4a
SHA256

05b0a1ce943e3932a384fbadf098bb05e5a116c3e6a6598d790df53a7fe51760
SHA512

d3c54f6aa289fd82909794e03c57785efea8bc265300e61cfecf89b9e4bf772b853b082c5bdf73ad67d2d6c36d68b796c002908e44f846f3eb3772df32c8be3e
SSDEEP

6144:z13XjtMSd3zLmNFLQPLfYYUQxppy3IdlH1FQbotM:z13Xj6SdDTTYYUQvEInEotM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8b7351b9954c75a1da356108268a045_JaffaCakes118

Files

e8b7351b9954c75a1da356108268a045_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fbfe4af69e075bd66358c8c6d174368f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

herklLEGHKWR#;3kl.pdb

Imports

kernel32

DeactivateActCtx
IsWow64Process
GetModuleHandleA
SetSystemFileCacheSize

gdi32

CreateBrushIndirect

msi

ord30

advapi32

QueryUsersOnEncryptedFile

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ