0a7265d38645f1418858900ac98c21ae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a7265d38645f1418858900ac98c21ae_JaffaCakes118
Size

132KB
MD5

0a7265d38645f1418858900ac98c21ae
SHA1

2c5b460102e7e352c1777c1444053dea0207aa7e
SHA256

d9a93187db73d793013fb72e34e4e2a4f82f088c93275f8999b289f45bf34277
SHA512

88948185367a35fc11a4dc7ca8f624c5adc0a0268e8d62d42080f52fcc0e689b9f0e33b16c679f0e18a9ea6f3710d19c7dc7f0d47f5c8b7f892898c4753449f3
SSDEEP

3072:P9OndVa/9YrZBGB/1n6amggEjK4HXWOSs2vRqkWKA300YP8Yuja+5I:PMdIyGBdn6amggGIpjRJWK10Mujpm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a7265d38645f1418858900ac98c21ae_JaffaCakes118

Files

0a7265d38645f1418858900ac98c21ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc1c3237df6344d7d429b31268052112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

SetSoftwareUpdateAdvertisementState
DllUnregisterServer
FaultInIEFeature
IsValidURL
Extract

shell32

DoEnvironmentSubstW
DuplicateIcon
RealShellExecuteW
Options_RunDLLW
Control_RunDLLA
SHFileOperationA

Sections

.text
Size: 89KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE