Static task: static1
Behavioral task: behavioral1
Sample: 5ded9ea305d29be1de2e8ad5c33833d3_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5ded9ea305d29be1de2e8ad5c33833d3_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5ded9ea305d29be1de2e8ad5c33833d3_JaffaCakes118
Size: 43KB
MD5: 5ded9ea305d29be1de2e8ad5c33833d3
SHA1: fcf5ebeabb9a4581f2ca4898b780c8a9dd34c036
SHA256: a634b5be86b4e1fb49937ccb0c9b4e960c6a1480fec70300db0270d0192fa70b
SHA512: a0f9fc4d78bccfbd0d5bdaca2127df17710bf750fbae66218d1a79682b516434e1ec13974a080ff38a69f11ee545517e10a700cd2b1863bf88ebfe7d48347307
SSDEEP: 768:fL3X8VKGliZtwjBWm5VtZHTIoTBhy/xM0tacQAEE:TzGliZtPathIofGM0Mc7E
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5ded9ea305d29be1de2e8ad5c33833d3_JaffaCakes118
Files
5ded9ea305d29be1de2e8ad5c33833d3_JaffaCakes118.exe windows:4 windows x86 arch:x86
70055dd293989045c9a1113693226189
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
FindResourceA
GetModuleFileNameA
MoveFileA
DeleteFileA
CopyFileA
ExitProcess
SizeofResource
LoadResource
LockResource
CreateFileA
WriteFile
CloseHandle
SetEndOfFile
FreeResource
_lcreat
_lwrite
_lclose
GetShortPathNameA
WinExec
user32
wsprintfA
msvcrt
fopen
fseek
strrchr
rand
srand
time
_stat
malloc
fread
fclose
fwrite
free
_ftol
shlwapi
PathFileExistsA
shell32
ShellExecuteA
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ