420ac5e3b4a116f6a6b6a9025b941585_JaffaCakes118 | Triage

Sharing

General

Target

420ac5e3b4a116f6a6b6a9025b941585_JaffaCakes118
Size

28KB
MD5

420ac5e3b4a116f6a6b6a9025b941585
SHA1

608d54f92980bafe33639c54b8d8d76abdd6c138
SHA256

bb927e1d38036074ea12928c79b730ec3a87bfebffa6f61215585a15d5e27cf9
SHA512

713c7f681a4e4ff73a642c7539bc80b9d1472bbfff7c90aa74d76279e70c40ae546ff91a3ed819c624025f847265a2efc600791ed092a92d430b65410cba2715
SSDEEP

768:JHoZeyIUrVOVn/dfXTgfuhsshWaJ3VLe:Qe+o/d/Tgf4sdqVL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
420ac5e3b4a116f6a6b6a9025b941585_JaffaCakes118

Files

420ac5e3b4a116f6a6b6a9025b941585_JaffaCakes118
.exe windows:1 windows x86 arch:x86

dc1c3237df6344d7d429b31268052112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

SetSoftwareUpdateAdvertisementState
DllUnregisterServer
FaultInIEFeature
IsValidURL
Extract

shell32

DoEnvironmentSubstW
DuplicateIcon
RealShellExecuteW
Options_RunDLLW
Control_RunDLLA
SHFileOperationA

Sections

.text
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE