5cd8a23e3e50e4aa2d02404b7cbd2b3a_JaffaCakes118 | Triage

Sharing

General

Target

5cd8a23e3e50e4aa2d02404b7cbd2b3a_JaffaCakes118
Size

46KB
MD5

5cd8a23e3e50e4aa2d02404b7cbd2b3a
SHA1

5b993ea3e22c66c111bd2b0129489815d5f10ed5
SHA256

3d795c9f8a9a1d93a01ab77006c2192ad5675e5de0ea86dd876f31d5084cd1fc
SHA512

f385203390adb99573c7043c22a39508667ec1f98a6e92662611dfa8a275522cf067e5115aefcce1b9841a3e93f62cde330b17c10a9ace7de418271719d3fe5d
SSDEEP

768:EEt99UIq6ZdNbFZPv8gBkLnpUDhzJTsicI+cVaafGThxMJjX23i:EEnLZZLbf6LnKpJw/I+cVaafGThxqj2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cd8a23e3e50e4aa2d02404b7cbd2b3a_JaffaCakes118

Files

5cd8a23e3e50e4aa2d02404b7cbd2b3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

559c107237d00d807f5fb4fa531a29bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
ShowWindow
RegisterClassExA
PostQuitMessage
LoadIconA
LoadCursorA
InvalidateRect
GetMessageA
GetCursorPos
EndPaint
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint

kernel32

GetThreadContext
lstrlenA
lstrcatA
WriteProcessMemory
VirtualAllocEx
Sleep
SizeofResource
SetThreadContext
RtlZeroMemory
CreateProcessA
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
ResumeThread
LoadResource
LockResource

gdi32

TextOutA

ntdll

ZwUnmapViewOfSection

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE