5d53d730a694b14c556d4558bc2fe3fa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d53d730a694b14c556d4558bc2fe3fa_JaffaCakes118
Size

17KB
MD5

5d53d730a694b14c556d4558bc2fe3fa
SHA1

7a6e3c6c0e3e9e09d3d4f255f72aa55d65b22210
SHA256

e3befff44dbe09267c1ec17bc8262909d6ee127b909f18d6340a2360462ddebb
SHA512

51e9bfad99021e7d4d90bf7236a09383807609130da1915da53b413961787faac5ca7b93a65d3e5d54871f8f406ed3c5df010bf496dfd6605d40925fcbc839d7
SSDEEP

384:Vg2w5umr360o5IoqXyJhYwHdo9ncxFYb:Vg9JCD+0YwHdo9V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d53d730a694b14c556d4558bc2fe3fa_JaffaCakes118

Files

5d53d730a694b14c556d4558bc2fe3fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9732ac678aa6876ffe18938c1226284d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CloseHandle
ReadFile
lstrcmpA
CreateFileA
UnmapViewOfFile
CreateThread
WriteFile
lstrlenA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
FreeResource
LockResource
GetTickCount
LoadResource
FindResourceA
WinExec
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
HeapFree
GetProcessHeap
HeapAlloc
SetFilePointer
LoadLibraryA
SizeofResource
GetProcAddress

user32

CharLowerA
RegisterClassExA
CreateWindowExA
wsprintfA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA

wsock32

ioctlsocket
socket
WSAStartup
connect
recv
send
closesocket
gethostbyname
inet_addr
htons

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ