fc16a428d6960407df495848ed799f79_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc16a428d6960407df495848ed799f79_JaffaCakes118
Size

10KB
MD5

fc16a428d6960407df495848ed799f79
SHA1

0f6f294be003cc75579961251629c0ac588c9869
SHA256

f015d70fb33040f5ae3f5dc8e2f25ab8b2675989fbdd2556fe518c94bb81d353
SHA512

55c1cf0154ec4709cd3b7490f853f3ae0cc2647cc77808bd670d37dc35f221f6f52c61ec745b413467a648bd4bd5faf39d7ce2b2fba30c327ce5ab2e719dcaa4
SSDEEP

192:ikWUDNhELzkqWoeYl5ut1tg2iEgSaYqIO/fdkWA5YpdWw3CYwWwk:ikWK3+dlcg2iyamOqWA5YpdWWCYwWL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc16a428d6960407df495848ed799f79_JaffaCakes118

Files

fc16a428d6960407df495848ed799f79_JaffaCakes118
.exe windows:6 windows x86 arch:x86

80624e94888f3ca394f86ca44518feff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

CredFree

msvcrt

exit

credui

CredUICmdLinePromptForCredentialsW

Sections

.MPRESS1
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE