5be5c354bfefe1cf5fae6bd1ede1fde1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5be5c354bfefe1cf5fae6bd1ede1fde1_JaffaCakes118
Size

172KB
MD5

5be5c354bfefe1cf5fae6bd1ede1fde1
SHA1

d5eaad4dc30f47a276ddc10401714fb6cc003913
SHA256

a51f8970a837f1520c5ecdf73f2e629864c0869e9b1eeb1ba68221d4e7153d97
SHA512

19609c08b3ce520e037717a1e36802bea436b7867c0b9403aedc428b67363164d289f69cb26968ba3b0f5b9b48e51b7089e5750576396b9630fcabae901802a2
SSDEEP

3072:rsW3yRbN4emncETh2JXhEe0BwNDQAB7y8s06Nb6tAA6xhb3EF6F:p3Cmn5l2lhEe0kVly/NbxLxhzEC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5be5c354bfefe1cf5fae6bd1ede1fde1_JaffaCakes118

Files

5be5c354bfefe1cf5fae6bd1ede1fde1_JaffaCakes118
.exe windows:1 windows x86 arch:x86

be21d9a9117a9c734943439c29701258

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegSetValueExA
RegQueryValueExA

ntdll

wcsstr
strstr

kernel32

lstrcpyA
VirtualAlloc
lstrcatA
lstrcpyW

ole32

CoCreateGuid

user32

CharLowerW

Sections

.data
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE