5bef2e00b37d628b7f186547d08bdb1b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bef2e00b37d628b7f186547d08bdb1b_JaffaCakes118
Size

7KB
MD5

5bef2e00b37d628b7f186547d08bdb1b
SHA1

845ae235bc93ded4729688735e518d4ab5c25127
SHA256

cb7d12805b5d737baa72ec69b2a988e84a69bf9ea138c975935b5ac450f25751
SHA512

90c124d4af6c60a048c6030bb9e421e388ac6699a32e267d4a65590cb07a35d323cdfd367b1b876e4045e740e727798ead7952944960f7dfe51d062bfb2faf45
SSDEEP

96:5DL+GFV+gnuqlvixaOFFClcJLFuKiBNmV01BEgTsoAMQ3JyeGKsBymW0Xtcfnp3m:0OV+gnuqlaRAIWgqj7FQaKpmTYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bef2e00b37d628b7f186547d08bdb1b_JaffaCakes118

Files

5bef2e00b37d628b7f186547d08bdb1b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e9ffb6ee91835961b54069bf2d731a03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

wsprintfA

advapi32

RegEnumKeyA

shell32

SHGetMalloc

ole32

CoInitialize

version

VerQueryValueA

Exports

Exports

DoService
IsAdmin
ShellLink
g

Sections

.MPRESS1
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE