Static task: static1
Behavioral task: behavioral1
  Sample: 5dc78e400432e317c9472c49add06019_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 5dc78e400432e317c9472c49add06019_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
  Target: 5dc78e400432e317c9472c49add06019_JaffaCakes118
  Size: 58KB
  MD5: 5dc78e400432e317c9472c49add06019
  SHA1: f1bb6a799405fe3458b9864b0f302c36c06dbc20
  SHA256: b1124b62e8295f7301ac921770997ac11e7802285a52a9c8d964df273b209273
  SHA512: 1a830b7c6acc524cd9f9dfe3f5c4593e8b5dff4d4b0316b3387cc6186f7610081b8462a8fb4bac8e2faa26fe110a32c6576f68cd2b195d9ec15200347c3acefe
  SSDEEP: 768:9fzKZrcA0skFibZD5CoSudOOav1fggtJCuxOB91lxTJx7fNXR6L975du:YmzskibPCZQ0vdggihjHTTNa9S
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    Resource: 5dc78e400432e317c9472c49add06019_JaffaCakes118
Files
5dc78e400432e317c9472c49add06019_JaffaCakes118.dll windows:4 windows x86 arch:x86
a3e41914a4373cd36f238b911bd83341
Headers
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
    IMAGE_FILE_DLL
Imports
  user32
    ToAscii
    RegisterClassW
    OffsetRect
    MessageBoxW
    MessageBoxIndirectW
    MessageBeep
    GetMessageW
    FillRect
  kernel32
    ExitProcess
    CreateProcessW
    CompareStringW
    IsBadReadPtr
    GetModuleFileNameW
  advapi32
    RegSetValueExW
    RegCloseKey
    RegOpenKeyExW
  comdlg32
    GetOpenFileNameW
    GetFileTitleW
Sections
  .text (Size: 14KB, Virtual size: 14KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata (Size: 12KB, Virtual size: 11KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data (Size: 26KB, Virtual size: 27KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc (Size: 1KB, Virtual size: 1KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc (Size: 3KB, Virtual size: 25KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ