5bf4bd8f2f1473e306a7ec19e1acb678_JaffaCakes118 | Triage

Sharing

General

Target

5bf4bd8f2f1473e306a7ec19e1acb678_JaffaCakes118
Size

14KB
MD5

5bf4bd8f2f1473e306a7ec19e1acb678
SHA1

da6c7e01b5ca13789011bb823e002cc70a615e23
SHA256

c5cc146e97f998e940ea7c3a64c8a06dc46931bcd493b59411513ccf73373bd7
SHA512

2b07f7ae4cc3ba41452692fa8d05f9695e2e17948f3b80a495d63dc42fba336ff7d1a036e193618fb89832bf0d5e65fdfb0957421facf49819ee0117281739db
SSDEEP

192:CTwEyNXMC7oi9W7xdJTEaWygstdt1EixcokQqPo5bdh9VyPRduKDe84Yzjq:0wT2tdCaWyg+VvxDkQJ5b39cXVa8M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf4bd8f2f1473e306a7ec19e1acb678_JaffaCakes118

Files

5bf4bd8f2f1473e306a7ec19e1acb678_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b95178628a07cab4b0056df25a9d15cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
lstrcpyA
CreateThread
lstrcmpA
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
GetTickCount
CreateEventA
InitializeCriticalSection
lstrcmpiA
ReadFile
SetFilePointer
GetFileSize
Sleep
SetEvent
GetModuleFileNameA
CreateFileA
CloseHandle
GetModuleHandleA
ExitProcess

user32

RegisterClassExA
SetWindowTextA
DefWindowProcA
PostQuitMessage
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
EnableWindow
DefDlgProcA
LoadIconA
LoadCursorA
RegisterClassA
LoadAcceleratorsA
GetMessageA
PeekMessageA

rasapi32

RasEnumEntriesA
RasGetEntryPropertiesA
RasDialA
RasGetErrorStringA
RasEnumDevicesA
RasSetEntryPropertiesA
RasHangUpA
RasEnumConnectionsA
RasGetConnectStatusA

comctl32

ord17

msvcrt

strchr
malloc
atoi
strstr
_strupr
??3@YAXPAX@Z
??2@YAPAXI@Z
free

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ