5ada394815128635b045776baec76ef1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ada394815128635b045776baec76ef1_JaffaCakes118
Size

18KB
MD5

5ada394815128635b045776baec76ef1
SHA1

566383139087fc8e95f15590c8ab6c81b1b9f275
SHA256

48c2cd340d879e0f41996c9e37eb71bd63f2846d708b84709966a34ec11a22e9
SHA512

db0a63218952599f7cd0f2e0ff9a0269bb46d0a81358247ba31542cbca9b89d56c4db1d0f05a7448d3aa6423693387293d73badca9dc31b53d8535c29168980b
SSDEEP

384:4KgDKFaPXKC/7UTw6AlT+WymHD8qYPKmvjr:FgDK8ig7UTyiWytHPrLr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ada394815128635b045776baec76ef1_JaffaCakes118

Files

5ada394815128635b045776baec76ef1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

14d0a80762d999b05375f371512152bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
IsDBCSLeadByte
Sleep
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
lstrcmpA
GetSystemDefaultLangID
GetModuleHandleW
TlsAlloc
TlsGetValue
TlsFree
GetModuleFileNameA
GetCurrentProcessId
lstrcatA
VirtualAlloc
GetDriveTypeW
GetLogicalDrives
TlsSetValue
GetACP

user32

GetWindowDC
GetDC
GetFocus
CreateWindowExA
RegisterClassA
GetWindowTextLengthA
UpdateWindow
ShowWindow
GetWindowTextA
GetSystemMetrics
GetForegroundWindow
GetActiveWindow
ReleaseDC
BeginPaint
IsWindowVisible
GetWindow
GetClassLongA
GetWindowLongA
IsIconic

advapi32

RegOpenKeyExA
GetUserNameA
RegCreateKeyExA
IsTextUnicode
RegCloseKey
RegQueryValueExA

clbcatq

SetSetupOpen
SetSetupSave
ComPlusMigrate
DowngradeAPL

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ