5c7d3c49661fdb0b0f8f91aa051db22c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c7d3c49661fdb0b0f8f91aa051db22c_JaffaCakes118
Size

312KB
MD5

5c7d3c49661fdb0b0f8f91aa051db22c
SHA1

e2fe9772048cf9b48e879fe5330ed47b1eea0971
SHA256

7ad1e5b0adb6b435647181bf4ab59c980d30bfc9a24dc02050bac86ec5aca016
SHA512

7b70d5d342bf2242cc6cfadfbe0bb6b96e4b198ab7de0248ed2f212dd1fe524e31573e152689aaf1e164d4ad9c61227b575ab959ff71edda69e800fa87b71dfb
SSDEEP

6144:7rTuETVyp+zFTan/bdV+6A5iP2naGmzvXYu5aRCaMMQG:7Wr+zUDvA5eYYvYiaPMY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c7d3c49661fdb0b0f8f91aa051db22c_JaffaCakes118

Files

5c7d3c49661fdb0b0f8f91aa051db22c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f97d483e0028aaa86a983a25171a17ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
ReadConsoleA
SetEvent
GetCurrentProcessId
GetCurrentThread
GetACP
VirtualProtect
FlushFileBuffers
GetCompressedFileSizeA
InterlockedExchange
GlobalFree
GetCommandLineA
IsDebuggerPresent
FreeEnvironmentStringsA
LoadLibraryExA
GetSystemDirectoryA
HeapCreate
GetLocaleInfoA
GetCurrentProcess
OpenMutexA
RaiseException

user32

GetWindowTextA
ValidateRgn
SetActiveWindow
IsIconic
FillRect
ShowWindow
wsprintfA
GetCursorPos
BeginPaint
GetClassNameA
FrameRect
GetDlgItem
SetForegroundWindow
EndPaint
ReleaseDC
GetWindow
DrawTextA
GetFocus
GetParent

crypt32

CertControlStore
CertDuplicateStore
CertFindAttribute
CertCreateContext
CertCloseStore

apphelp

ApphelpCheckIME

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ