Static task
static1
Behavioral task
behavioral1
Sample
5ae5e7020724c80498f43445bcbf765b_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5ae5e7020724c80498f43445bcbf765b_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5ae5e7020724c80498f43445bcbf765b_JaffaCakes118
-
Size
1.3MB
-
MD5
5ae5e7020724c80498f43445bcbf765b
-
SHA1
b821dd8841eacea0a8bb39648d0dd8ec7dd870f3
-
SHA256
77940c186ecc1fefc2f7cff5835f5e4857bfa710960ebb00974d2ed117211123
-
SHA512
515b74d74ae601014d19fde6b13639fb42faef2d5ad91551248202c00a41141cfcd5258cb18f3a8ae4673aa7aad25a2e362d3ad80772116940e0011d3aa0898c
-
SSDEEP
24576:5LbcsPUU173bIiCLD+PWsbjVxOsGUH8GvBSZzajHx+KdCWpajQ30W0m5OberheJ9:lJcGT/O7XUHXmzER+KEWpgMV0YOKPtqD
Malware Config
Signatures
-
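Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. An unsigned PE is a weak indicator on its own, since many legitimate binaries are unsigned; weigh it together with the rest of the report.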
resource 5ae5e7020724c80498f43445bcbf765b_JaffaCakes118
Files
-
5ae5e7020724c80498f43445bcbf765b_JaffaCakes118.exe windows:5 windows x86 arch:x86
32530d79b4fc96f7d5b5a6c681986f2c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
DeleteCriticalSection
TlsSetValue
lstrcmpiA
user32
GetKeyboardType
TranslateMessage
advapi32
RegQueryValueExA
RegSetValueExA
oleaut32
SysFreeString
msvcrt
strncpy
iphlpapi
GetInterfaceInfo
psapi
GetMappedFileNameW
Sections
CODE Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 992KB - Virtual size: 992KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ