5aece7cf41f78e9ebcefb68a582235d1_JaffaCakes118 | Triage

Sharing

General

Target

5aece7cf41f78e9ebcefb68a582235d1_JaffaCakes118
Size

460KB
MD5

5aece7cf41f78e9ebcefb68a582235d1
SHA1

2399e685cb5eeb1c67b0211e07e2579e04cd4330
SHA256

57b7888e7f27d3b627766d1303a88a1324a2bc1893be06ce955a7d41eb0cd49f
SHA512

19ee12694c8719ecabb14e229f2d3a1329129778ae961178e43881dccac570b31c99324dc0107718fd65376020747270577eb6ff556fc71edf01434210ac8115
SSDEEP

12288:l6Kdk6fZ8YGvL3ckK6LkRJt5cmXptYL024FQ60PtyblxZ0+iCOG:pdkgZnGvLc6LWpcQqJ4/yMzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aece7cf41f78e9ebcefb68a582235d1_JaffaCakes118

Files

5aece7cf41f78e9ebcefb68a582235d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e8eb684df11f12079e468e2fb4d65943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
strchr
wcschr
malloc
strcspn
_vsnprintf
_except_handler3
wcscspn
wcslen
_mbschr
free
_initterm

user32

MessageBoxA
LoadStringW
LoadStringA
GetSystemMetrics

kernel32

GetCurrentProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
LocalAlloc
GetSystemTimeAsFileTime
TerminateProcess
MultiByteToWideChar
ExitProcess
Beep
WideCharToMultiByte
LocalFree
GetTickCount
UnhandledExceptionFilter

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
I_RpcExceptionFilter
NdrClientCall2
RpcBindingFromStringBindingW

advapi32

GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
IsValidSecurityDescriptor

ntdll

NtLoadKey
NtAllocateVirtualMemory

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ