5ca90fcaf73159d2355d1bbfdaf37237_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ca90fcaf73159d2355d1bbfdaf37237_JaffaCakes118
Size

30KB
MD5

5ca90fcaf73159d2355d1bbfdaf37237
SHA1

1e4952cc1eee5470bb9fdb07600fbc69c4e07fe3
SHA256

128adaba3e6251d1af305a85ebfaafb2a8028eed3b9b031c54176ca7cef539d2
SHA512

46df64c8e43c5534af5d7933bcf19f53d1905c1076697bf9b3e4ff1e4565af3df88c71f013a887e60313d7c8575e69352d8cfc626545d19a37325da8a878dcdd
SSDEEP

384:nfZ+nS42YyVWykrtvnP5sFS4QHXGLpSwpuwvViFYgbsQk4Sw8nNJm72A0mNdv5J2:gCYXymtJ/4QHmNUF/bRkXnq72fUdvb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ca90fcaf73159d2355d1bbfdaf37237_JaffaCakes118

Files

5ca90fcaf73159d2355d1bbfdaf37237_JaffaCakes118
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

5516f4e517cd9dd3dec275d4e41bf7c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyExA

msvcrt

_CxxThrowException
exit
??1type_info@@UAE@XZ
free
_initterm
malloc
_stricmp
fseek
ftell
fread
_strrev
strncpy
wcstombs
fflush
memcpy
strrchr
_except_handler3
__CxxFrameHandler
sprintf
??3@YAXPAX@Z
fopen
fwrite
fclose
strlen
memset
strcpy
??2@YAPAXI@Z
_adjust_fdiv
remove

user32

wvsprintfA
wsprintfA

kernel32

GetTickCount
WinExec
GetCurrentProcess
GetLocalTime
lstrcpyA
CreateThread
GetSystemInfo
GetFileAttributesA
lstrlenA
GetModuleHandleA
OutputDebugStringA
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress

Exports

Exports

HookExitWindowsEx
Install
NewCopyOutOfUAC
Rundll32Call
ServiceMain
WinLogonCallFunc
WinLogonProtectThread

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ