f5817fcb5fa12ac3a4f0e6f0deb2d5fa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5817fcb5fa12ac3a4f0e6f0deb2d5fa_JaffaCakes118
Size

323KB
MD5

f5817fcb5fa12ac3a4f0e6f0deb2d5fa
SHA1

188dc80e96c236f6aeeeedcb9557a011da852cf8
SHA256

6dfaf39d6df413343a95d58362a31a4ed99f0242148d1be473f44f069e100cbe
SHA512

5664eb9f1c26fbb5bdc8885e26b2c553464f7d84fe5c62486c4aa91c8f599b99614dd08feaf379dea410bc18c68f795d3c0afa5a91f487d888f9ab0a4aa0f7f8
SSDEEP

6144:4HewmcwRYG1CNOkqzwV6jdYsAIFQ2/4epJYEozLYdfNZ2BFQlW+PABb6PFHR:cmcwRbm6ptJezLYhNMGHABb6NHR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5817fcb5fa12ac3a4f0e6f0deb2d5fa_JaffaCakes118

Files

f5817fcb5fa12ac3a4f0e6f0deb2d5fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06a7f9c2ae02d033ccc428166214d50c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
lstrlenA
FindAtomA
GetTickCount
CreateFileA
GetExitCodeProcess
LoadLibraryW
GetCommandLineW
GetModuleHandleA
GetComputerNameA
LocalFree
GetDiskFreeSpaceA
CreateThread
GetSystemTime
CloseHandle
SetEvent
SuspendThread
SetLastError
GetFileAttributesA
HeapCreate

advapi32

CloseEventLog
CreateServiceA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
IsValidSecurityDescriptor
GetFileSecurityA
RegCloseKey
IsTokenRestricted
GetLengthSid
RegQueryValueA
GetUserNameA
RegDeleteKeyA

dsprop

ErrMsg
ReportError
FindSheet
MsgBox
CheckADsError

powercfg.cpl

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 313KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ