5dc5b66217a46a56470b6beeb0a8f67a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dc5b66217a46a56470b6beeb0a8f67a_JaffaCakes118
Size

6KB
MD5

5dc5b66217a46a56470b6beeb0a8f67a
SHA1

da932b6db893ebe43394efcd01c275198e52b56e
SHA256

38decc1c4fca60114c1cce2d36454447098964ce3e7843061afef1a0329b6ac7
SHA512

f30a14d07a4747d4384d41375a4bf0aad7c8d4424c0958907aa53360ee36ddcad6114258a2cf970289c0cf62dfa1935f70e3ceff899dd4b4f41d4489eeb0b0f7
SSDEEP

96:Z1HsMra/k4o9eNJlkh28ZYniIUFQpniPJkBMXkBUCLkMeI:7MdHGPYniIUSniPJkBMXvCLklI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dc5b66217a46a56470b6beeb0a8f67a_JaffaCakes118

Files

5dc5b66217a46a56470b6beeb0a8f67a_JaffaCakes118
.dll windows:1 windows x86 arch:x86

ef3d2a2223cc6eef2f998fdc95669e83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateThread
ExitProcess
GetCommandLineA
GetModuleFileNameA
GetProcAddress
GetShortPathNameA
LoadLibraryA
RtlZeroMemory
Sleep
VirtualAlloc
VirtualProtect
WinExec
lstrcatA
lstrcpyA
lstrlenA
lstrlenW

user32

CallWindowProcA
CreateDialogParamW
FindWindowW
SetWindowLongA
SetWindowTextW
ShowWindow

advapi32

CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

ws2_32

gethostbyname

wininet

InternetConnectA

wintrust

WinVerifyTrust

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE