f5a0bebaf067dccb46be63d123a308f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5a0bebaf067dccb46be63d123a308f3_JaffaCakes118
Size

29KB
MD5

f5a0bebaf067dccb46be63d123a308f3
SHA1

70e2022a0d0de4ab21ed635694cea39e8fd0ce6d
SHA256

a2123402ab0d0c80f14a696b6da4238827a7625041ab4b1813c5051c72e68e8c
SHA512

5e39bdbeac828db9d6b3cd502c515b3f5f0bd0252b69dd2d99e7c646429d8319d35d48b88e3232595bdfafd527e51501593ae2fe077cf69302be8387e6498f20
SSDEEP

768:CDDxY9UkFbi8FQTL5FoviR6ZUJb+6PxKc1yNe7DrD:Cfe88FQZu6QZUiC7yNAD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5a0bebaf067dccb46be63d123a308f3_JaffaCakes118

Files

f5a0bebaf067dccb46be63d123a308f3_JaffaCakes118
.exe windows:6 windows x86 arch:x86

1e0c9d65c251ee398fb656b1ae195c3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

CopySid

msvcrt

exit

rpcrt4

UuidCreate

user32

GetSystemMetrics

crypt32

CryptProtectData

ntdll

RtlStringFromGUID

Sections

.MPRESS1
Size: 22KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE