5aaf3f4afbddaaa7e9a833e42f2b1fc6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5aaf3f4afbddaaa7e9a833e42f2b1fc6_JaffaCakes118
Size

365KB
MD5

5aaf3f4afbddaaa7e9a833e42f2b1fc6
SHA1

a8255fb5f965f60b8c2e759d6e2a7ebc612cd017
SHA256

fbfa7aedfbd37ad543ecb7fc4109bc565d518791dbb1f5d87ff62fabdb54c305
SHA512

5360b3ceb4f3806c70f56f1ef803e6bdad2b50e64cd730de28ef8f0e53e379f1bcfe3e3fe8874892bebe5adfb55e3e490a5d25a8626e146060a6a41a447b9600
SSDEEP

6144:qRMUa4hib4j8jf51Qx7O6bcLehsEwkoK/6ERdFQJdlMu6lb/01apjbV6m8lL:qRMjx4ojf51aTcK0NEQUd0op3QlL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aaf3f4afbddaaa7e9a833e42f2b1fc6_JaffaCakes118

Files

5aaf3f4afbddaaa7e9a833e42f2b1fc6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cf4fa57e91604a39d0888d73f799c1db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetCurrentProcessId
EnumCalendarInfoW
SetLastError
SetEvent
GetFileAttributesA
GlobalFree
GetConsoleAliasW
GetModuleHandleA
HeapCreate
GetCurrentThreadId
EnterCriticalSection
GetDriveTypeW
LocalFree
GetPrivateProfileStringW
FindAtomW
CreateMailslotA
FindClose
ResumeThread
ReadFile

user32

GetSysColor
DispatchMessageA
IsWindow
GetMenuInfo
DispatchMessageA
SetFocus
GetClientRect
GetClassInfoA
GetKeyboardType
GetCursorInfo
GetKeyState
CallWindowProcW
DrawTextW

asycfilt

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

msasn1

ASN1BERDecBool

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ