5b9514bf5d34c79094512cf0596fe58c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b9514bf5d34c79094512cf0596fe58c_JaffaCakes118
Size

1.5MB
MD5

5b9514bf5d34c79094512cf0596fe58c
SHA1

4d2b8d5dada457e2ab0744888877c7b756386665
SHA256

f773e3952b5ee0239a145f0cd538289d71fe93cea84a5cf19eea1be629874904
SHA512

15f9c981464a00561a8b4d3453dedb5c06057dfd0309b266f894449cd0564bdd1020af0856ef8bc4ecdd51f1924a04416c1453a38bed12b4417e5b495fe32bf8
SSDEEP

24576:rN7gY5M593YleQuoY9uNyLUxV04t1On81I2WHN6Fp74FJjvXJ+/Y4r5Syi1cqP2F:JFuGe18yLUZ1I2WHQF0J/49SpuA2V3b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b9514bf5d34c79094512cf0596fe58c_JaffaCakes118

Files

5b9514bf5d34c79094512cf0596fe58c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c338b66ab9382a56c621313304b3dce4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCommandHistoryA
HeapValidate
EnumDateFormatsA
ReleaseSemaphore
CloseProfileUserMapping
Module32FirstW
GetLocalTime
MapUserPhysicalPages
FileTimeToDosDateTime
CopyFileExW
SetLocaleInfoW
GetProcessWorkingSetSize
GetProcessIoCounters
lstrcpynW
HeapSize
GetConsoleAliasExesLengthW

user32

ValidateRect
FlashWindowEx
IsDialogMessage
ShowWindowAsync

shell32

SHChangeNotify

gdi32

SetGraphicsMode
AddFontResourceA
GetLogColorSpaceW
IsValidEnhMetaRecordOffExt
GetObjectW
GdiAddGlsRecord
GetTextCharacterExtra
ColorMatchToTarget
STROBJ_bEnum

Sections

.text
Size: 9KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 36KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE