Static task: static1
Behavioral task: behavioral1
Sample: 109680fec6dd57a9cd6796512b83cbe5_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 109680fec6dd57a9cd6796512b83cbe5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 109680fec6dd57a9cd6796512b83cbe5_JaffaCakes118
Size: 37KB
MD5: 109680fec6dd57a9cd6796512b83cbe5
SHA1: 620b0a73079e49157fee22d053209d02e5fe1c16
SHA256: b38094151fda4da10c5f7e28fb8d365e4c6f8fb3da7b53f30f5c7607098b0658
SHA512: 102cc781212818f5d4562a84156434798cccbd06b3d8007d89074cf2e859f355dea25b1f1795707df413e6b279fa8e548ae2c9c594c79a6dbd8c3543993483df
SSDEEP: 768:9udVoZoOSrYdyT7NuTfy8Q3A7DqV8XLD9XS7uVR:gfOwGERu7uiNi8R
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 109680fec6dd57a9cd6796512b83cbe5_JaffaCakes118
Files
109680fec6dd57a9cd6796512b83cbe5_JaffaCakes118.exe windows:5 windows x86 arch:x86
48bcd21d7c9588a52f7e3ad95a1f6332
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
mfc42u: ord815
msvcrt: exit
advapi32: GetUserNameW
gdi32: GetObjectW
user32: IsIconic
shell32: DragFinish
shlwapi: PathFileExistsW
version: VerQueryValueW
imagehlp: CheckSumMappedFile
comctl32: CreateStatusWindowW
wintrust: WinVerifyTrust
netapi32: NetUserGetInfo
Sections
.MPRESS1 Size: 15KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE