170c74202b7da147b6999e03db9096a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

170c74202b7da147b6999e03db9096a0_JaffaCakes118
Size

440KB
MD5

170c74202b7da147b6999e03db9096a0
SHA1

06528a8a4c9723da1d7f332692df545f018cd361
SHA256

7685134bdc3faa7f5ac19c37da15005dcff5c8e4852d79c4684a75520561c49f
SHA512

791f9370873ca62255c00cee9e8995448e2102e93748563a49a65356263150ee88123cd58695118b8768ea221c48a8ccc6940faaa50da9dd48abf7bf839396de
SSDEEP

6144:yoRcp2QXUnliDg7QGpeq7chRqo+hxGkB1lEVOqOcDW7AOgG8R75XQKQDcx9nKonb:HEAlISZ7sRqt1lyOzrY9Qt7+Sr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170c74202b7da147b6999e03db9096a0_JaffaCakes118

Files

170c74202b7da147b6999e03db9096a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c17d50961cc09a8a65f8daf4af21b124

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

shfolder

SHGetFolderPathA

Sections

.MPRESS1
Size: 420KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE