fe0c8e478e3065b3bf0640c8bf732ddf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe0c8e478e3065b3bf0640c8bf732ddf_JaffaCakes118
Size

39KB
MD5

fe0c8e478e3065b3bf0640c8bf732ddf
SHA1

9ca5c81e551a31ec9349313e5bf34d70955939d0
SHA256

6d714dcff0be97938e4222f6305a4f9acf3a26aca9352e6306857756cf3d1920
SHA512

3cd31283a400165fbd04bec5af683201cbca7ab6075efe56be976db64ecf73fd6108a6dc4b9b1d6ecdd6a0e5c3e1413d83298e506964583f516e90e5988f232b
SSDEEP

768:snHwVNPERQN58FpNrBXAauGK+XzUw1qixqgI/7DzFT:snHOWaN6pTQauGG8xxqFT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe0c8e478e3065b3bf0640c8bf732ddf_JaffaCakes118

Files

fe0c8e478e3065b3bf0640c8bf732ddf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0f93aba45fca5ebd91b38fd4c9794355

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

shlwapi

SHDeleteKeyA

Sections

.MPRESS1
Size: 33KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE