5a34c7af256da691e455959a06a2fa54_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a34c7af256da691e455959a06a2fa54_JaffaCakes118
Size

191KB
MD5

5a34c7af256da691e455959a06a2fa54
SHA1

fd1dd670fbf8a27306cf1b5dd74d2ff11018cc96
SHA256

630d14919b1d58c5bfa28164b69373db78b013c8bb0db8a48186285d73a083e9
SHA512

0a4733951c5c46f68a659b101c7fcec6e77d89994e4340ddae209d69d8794f063e32967ddca175d2da1f3453d6ade4f2b3279b1306760f14376af01f5e5cd609
SSDEEP

3072:CtZHP/5nC60qdRYoQKE4o0qCcof/w72GIy1w8pMsML0vbk6Ft5yBVJkyhpZMlwtr:ivY6QoOn0qLmlhyvpaL6I6oVJk24lwAZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a34c7af256da691e455959a06a2fa54_JaffaCakes118

Files

5a34c7af256da691e455959a06a2fa54_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1ad87c9f8de0fcd47f8da13489ff552

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

GetHGlobalFromILockBytes
CoTaskMemFree
StringFromGUID2

imm32

ImmAssociateContext

kernel32

SetProcessPriorityBoost
Sleep
CreateEventW
ReadFile
GetModuleFileNameW
GlobalAlloc
CreateFileW
InterlockedDecrement
TerminateThread
EnumResourceTypesA
InterlockedIncrement
GetModuleHandleW
DeleteCriticalSection
GlobalLock
CreateProcessW
WriteFile
GlobalUnlock

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ