03ad5696bf2810709d559a7d7fa3b43b_JaffaCakes118 | Triage

Sharing

General

Target

03ad5696bf2810709d559a7d7fa3b43b_JaffaCakes118
Size

302KB
MD5

03ad5696bf2810709d559a7d7fa3b43b
SHA1

98f5bdc925b561c01c3c377837cc5b15dd17f7a1
SHA256

a826a953400c07586bfa69e1046387a2f5df50f5dc2f594005d03dea1780a82c
SHA512

11ea637beaba0d5c739ed3db7af50f3b8dd8b3a3fbbb9c526f1b300169ee4429cd0f8e80450b6cdb928c1f0b3da787366f1948f6e5af6d3d18c47ee912b06745
SSDEEP

6144:l+LjhEB1aWggNOpqY8zzBZ9iEVXZZNTlCdXxiINFYT:l+Llmdgg4nyXZZZNT6hXc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03ad5696bf2810709d559a7d7fa3b43b_JaffaCakes118

Files

03ad5696bf2810709d559a7d7fa3b43b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8ffc31bccd11f7f873be952d93bdc291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegOpenKeyExW

oleaut32

SysAllocStringLen

mscoree

CorBindToRuntimeEx

Sections

.text
Size: 289KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE