5c911700a425653761b3ecd49cd6f144_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c911700a425653761b3ecd49cd6f144_JaffaCakes118
Size

60KB
MD5

5c911700a425653761b3ecd49cd6f144
SHA1

d3c830b9a1d276ad1272b6906a066d7f7b4c36d5
SHA256

040c91a651a1dff002edb90298e447d64942bcfd0d00344133952a024379c71d
SHA512

9da6f197584b3f237aaba18846a4ed9ca4328477f2fd2628b2de7c7fbddaaa1e0ede1142ee4c971f24f8504073cc8be8c4be8fc3e07fb9c6e33e59da1da76f02
SSDEEP

1536:nUoaVpqb8YnPXJVuGSpSwQ6IzODwIO8pKSSxZ:nU5WYoXyGSpSp6tDwD88x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c911700a425653761b3ecd49cd6f144_JaffaCakes118

Files

5c911700a425653761b3ecd49cd6f144_JaffaCakes118
.exe windows:4 windows x86 arch:x86

807eb3a9ef6d6ff988fd8d7ce63c5073

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DefineDosDeviceA
DisableThreadLibraryCalls
EnumSystemLocalesA
ExitProcess
GetDiskFreeSpaceW
GetNumberFormatA
GetProfileIntA
GetThreadLocale
IsBadCodePtr
MoveFileExW
SearchPathA
SetConsoleWindowInfo
SetDefaultCommConfigA
VirtualUnlock

advapi32

AccessCheckAndAuditAlarmA
CreateServiceW
CryptCreateHash
CryptDuplicateKey
CryptGetKeyParam
ObjectCloseAuditAlarmW
RegisterServiceCtrlHandlerA

gdi32

CloseFigure
CreateICA
CreateRectRgnIndirect
GetCharABCWidthsA
GetDeviceGammaRamp
GetWindowOrgEx
RectInRegion
SetPolyFillMode
SetRectRgn

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE