5ae02306cc4369cc565af2344b6751b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ae02306cc4369cc565af2344b6751b9_JaffaCakes118
Size

10KB
MD5

5ae02306cc4369cc565af2344b6751b9
SHA1

b293d7d8f4456b4b6eebec39b25e64ca47920719
SHA256

c93399e1b484d16a9ca00ad8a08561cb070803246f132f4b425df9e560202005
SHA512

9583bd90bda5c1c3f45d79bda6f199391cfe735d9ea874e89dddec103b2370ed54cc29f4cccd05116827e869f6a35c605ceea8983b561cd2b4ce7022825e9ddd
SSDEEP

192:0XQUsJNIx/ia39u48x+IOA3vxKqaFlUU8Fsu/DXJVzgbJG509LvBrR:NTJux/XNWOA/MqYqrr3gbJIid

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae02306cc4369cc565af2344b6751b9_JaffaCakes118

Files

5ae02306cc4369cc565af2344b6751b9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

c8154d1daaa0873c61bcd343aac302bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDecrypt
ImpersonateLoggedOnUser
NotifyChangeEventLog
LsaICLookupSids
SystemFunction008
ElfBackupEventLogFileA

shell32

SHGetSpecialFolderLocation
SheGetPathOffsetW
SHInvokePrinterCommandW
ExtractIconA
FreeIconList
SHGetFileInfoA

ntdll

NtAccessCheckByType
NtUnlockVirtualMemory
RtlStringFromGUID
__toascii
RtlDeregisterWait
ZwWaitForMultipleObjects

shlwapi

SHRegQueryUSValueA
UrlCompareW
StrSpnW
UrlGetLocationW
PathRemoveArgsA
StrFromTimeIntervalW
PathIsSystemFolderW
UrlCreateFromPathW

msvcrt

wcspbrk
__p__winminor
_wsearchenv
_get_osfhandle
__p___wargv
cosh
wcstombs

Sections

.text
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE