5b999324953c36ae29a070f3ffa943f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b999324953c36ae29a070f3ffa943f3_JaffaCakes118
Size

318KB
MD5

5b999324953c36ae29a070f3ffa943f3
SHA1

389b5dc3053b4bddd75181b33ca420cd673e13b4
SHA256

f92c5a87b22fdf73d5908db519c284b4bc011e4c821fe230235614673ffbe95c
SHA512

44c5b6cdabebe377213ee22883676ef784f44df52b99d2a5273e7dc28558a6fb8175dcee72e42df185fdcc6722f3f5c9ac03f452f3a01b1dd70d090e40582299
SSDEEP

6144:+3oUR5RZGdYcFyLOtEE4bkkfVolynCnHKEbps6Hg6:sGKcFyLtfVo5rFH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b999324953c36ae29a070f3ffa943f3_JaffaCakes118

Files

5b999324953c36ae29a070f3ffa943f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b20f0bd037776d02d8a20d43233f4af6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetDC

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
LoadLibraryA

advapi32

RegCloseKey

comctl32

ImageList_Add

gdi32

SaveDC

oleaut32

VariantCopy

urlmon

URLDownloadToFileA

version

VerQueryValueA

Sections

.text
Size: 19KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE