5bcddbaa0acbbb0878fc86aa98fbdc5d_JaffaCakes118 | Triage

Sharing

General

Target

5bcddbaa0acbbb0878fc86aa98fbdc5d_JaffaCakes118
Size

7KB
MD5

5bcddbaa0acbbb0878fc86aa98fbdc5d
SHA1

15cb73aa294a434beec7c5d739f7a81424a98cc5
SHA256

24d481c7fac417539b600d7336fb4793d7f43c047f59dfe0cf6b221474f20b10
SHA512

ebea4b9ee24d3ea76590342111d0fef06daa81755cb20765ac1ddfed7a52f59474fa675f1dda12037564a1e49246a9844b34cd51b7261543a7c6aeded408d271
SSDEEP

96:PFgCQwDv0234J3j4t0U22PYk0QAMvu4aB1SZODZaAKfdo2gepYq6NCtl:PmCQQ0m4ljr2QGvzaBOQhYdoopYq6sl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bcddbaa0acbbb0878fc86aa98fbdc5d_JaffaCakes118

Files

5bcddbaa0acbbb0878fc86aa98fbdc5d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

69873b9dd363f016fecbad0096a6dd01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\Coding (Windows)\dnsch\Release\dnsch.pdb

Imports

kernel32

WriteFile
CloseHandle
Sleep
SetFilePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrcmpA
CreateFileA
lstrlenA
lstrcpyA
DeleteFileA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind

user32

wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA

shell32

ShellExecuteA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ