5c4ace761d573265a4e38d38b0689cc2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c4ace761d573265a4e38d38b0689cc2_JaffaCakes118
Size

23KB
MD5

5c4ace761d573265a4e38d38b0689cc2
SHA1

2f9d7a4c8f6964cfb224b627137a104b9950c129
SHA256

9f7ba48fffbdbbe8e177d389b994fc13be7acc725a693eae9471e43f6b42cff6
SHA512

c9c267c044ca30f848471cd288decd1b4de971d3aa03e8174c741192eb8e8cd2d0dbed814f40c8ed4a23b06bb77838dde70259eae312dae285ed1dc27433e8a5
SSDEEP

384:ScLJy0xuxe1zsnElGXsUWmJRpBN/QVAysqCz4dkPuI4jx/83TGGQt7vvxlLUWuEO:SKnUeynwGHZQVB4z4mmtFaCt7Dp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c4ace761d573265a4e38d38b0689cc2_JaffaCakes118

Files

5c4ace761d573265a4e38d38b0689cc2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c2e8b119cc45cbc3ecc8f0a6267f2897

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

msvcp60

??1_Lockit@std@@QAE@XZ

advapi32

IsValidSid

gdi32

TextOutA

user32

GetDC

imm32

ImmInstallIMEA

ole32

CoInitialize

version

VerQueryValueA

Sections

.MPRESS1
Size: 18KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE