C:\Sytem\Connect.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0e719f5a73e17aa3465bc6a2dbe60176_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: 0e719f5a73e17aa3465bc6a2dbe60176_JaffaCakes118
Size: 230KB
MD5: 0e719f5a73e17aa3465bc6a2dbe60176
SHA1: 70cc7c80f9d3542d4c963da53371a468b445ba96
SHA256: ecd56540c4736694200af139b8190fa0450f7642ca4fb71fbed0e7e38c4de6df
SHA512: ae7f4a16555bf787c11087fb40c59ccaa0869cc4cbb27a61c05568cd6cac4fe4fb59da5877558d50f5e4b9bd572b56d3d9441bf8984e0bce8b2d4fd30fa7967d
SSDEEP: 6144:V07RXvYORGx/Xx8Cp7k0OzOlDlWPHy0L3b:VcYOwx+240/lDIPS0L3b
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e719f5a73e17aa3465bc6a2dbe60176_JaffaCakes118
Files
0e719f5a73e17aa3465bc6a2dbe60176_JaffaCakes118.exe windows:7 windows x86 arch:x86
27ca13b729287d5fa81344f9f69ac47d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
StrRChrA
PathIsSameRootW
StrRStrIA
PathUndecorateA
UrlGetPartA
StrPBrkA
StrChrA
StrToIntExW
kernel32
lstrcatW
user32
IsCharAlphaNumericW
GetMessagePos
Exports
?LormDelete@@YGXUverifyEw@CA7
?LormSelect@@YGXUverifyEw@CA7
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.zero Size: 1024B - Virtual size: 886B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.one Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.null Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.void Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 562KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ