Static task
static1
Behavioral task
behavioral1
Sample
fd0608153eb8a13963d375cf7b160828_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
fd0608153eb8a13963d375cf7b160828_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
fd0608153eb8a13963d375cf7b160828_JaffaCakes118
-
Size
44KB
-
MD5
fd0608153eb8a13963d375cf7b160828
-
SHA1
4e1ce60f5f51c4c85e17fe252531f13951911b95
-
SHA256
fe1acd6100f684e3ff9873e12d1cee92c5762a01cf60945620da8422714e9cbc
-
SHA512
0e55722076507b80d7d53f88a644e3684a6bc041e55f5f125f9b5f71a0ee5bb56afa93b46bf8b362df5e845ee595514877b2c53fd6a7ebe99db24e836d751e8c
-
SSDEEP
768:Gv0CQm2rg6ASzQYmbsAYc3uh/q3oLFkymFD1QgB+pp7x9Lqww7Da43:G8Cx2sweIAfoFkymF55K7x9L/r43
Malware Config
Signatures
-
Unsigned PE 1 IoCs
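Static check: the PE file carries no Authenticode signature. The check is made by the analysis, not by the sample, and an unsigned file is only a weak indicator on its own.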
resource fd0608153eb8a13963d375cf7b160828_JaffaCakes118
Files
-
fd0608153eb8a13963d375cf7b160828_JaffaCakes118.exe windows:4 windows x86 arch:x86
aefa04aec62fba7b74bd6ea6cfd84046
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
LoadIconA
userenv
CreateEnvironmentBlock
wtsapi32
WTSQueryUserToken
psapi
EnumProcesses
css_core
MOTCSS_OnCall
mfc80
ord1486
msvcr80
exit
gdi32
CreateSolidBrush
advapi32
RegCloseKey
shell32
ShellExecuteA
shlwapi
PathFileExistsA
ole32
CoInitialize
oleaut32
VariantClear
msvcp80
?_Lock@_Mutex@std@@QAEXXZ
ws2_32
__WSAFDIsSet
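Sections (the names .MPRESS1/.MPRESS2 are the ones the MPRESS packer writes; together with the one-function-per-DLL import list above, this suggests the file is packed, so the static imports probably do not show everything the unpacked code calls)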
.MPRESS1 Size: 37KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE