efab7548cc81c75fffe918a81436fce7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efab7548cc81c75fffe918a81436fce7_JaffaCakes118
Size

114KB
MD5

efab7548cc81c75fffe918a81436fce7
SHA1

31f19efd22edd50166f3ddb50f01fd9949cefeff
SHA256

97be551879e26e4ecd99bbc6e324f2bf8b49401d091ea1b215a8f729252c0549
SHA512

c5c03cb9c65c832b97c2d75b3b9189441cd3bdb29bc7cf3587c2fa1e1cc10edf0b8676c46d47a87c77cfd446558d2278f5dadb572e548a3c6eee1ddbf59890b4
SSDEEP

1536:EJ42b5ngFrkW92cNmkf5ss48lcnUGPVtD/Jy20GwMOVbpoKWHzHua:EJ5ner992cIkuOWzVtDhnvzHua

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efab7548cc81c75fffe918a81436fce7_JaffaCakes118

Files

efab7548cc81c75fffe918a81436fce7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a8c6d2ca2008ed2e9474dae36a0dfea1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

FreeSid

ole32

CoInitialize

oleaut32

VariantClear

wtsapi32

WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock

ws2_32

sendto

Sections

.MPRESS1
Size: 82KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE