5d418ff140e6eb4cab4310995e1da29a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d418ff140e6eb4cab4310995e1da29a_JaffaCakes118
Size

212KB
MD5

5d418ff140e6eb4cab4310995e1da29a
SHA1

263cf50d68b5e0ec05f39cade94292f2eb5dddb2
SHA256

6db7c965919855b13114fc75cf114f39c15d0dc85e0ad1fbc569a964c9742c67
SHA512

7aeac785e75dcc8146173246a44a963a953072d7b101b37f25d85d8070499e796a2555a6573a1892460c2e0adcffaa3b36233d8d8672d491729949f41bb94cf6
SSDEEP

6144:1e0yEUy0j86Q3urWCVVwfdwqsXH/PpJcb9nW56x:sI6jWGVSdE/0NWk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d418ff140e6eb4cab4310995e1da29a_JaffaCakes118

Files

5d418ff140e6eb4cab4310995e1da29a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e8c60f5cf20adacbbacd455731bca2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLastError
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
SetFileTime
GetFileTime
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
SetEndOfFile
WriteFile
GetProcAddress
LoadLibraryA
lstrlenA
GetSystemDirectoryA

shell32

SHChangeNotify
ShellExecuteExA

shlwapi

PathStripPathA

msvcrt

_controlfp
_except_handler3
_stricmp
__set_app_type
__p__fmode
__p__commode
strcpy
memcpy
memset
sprintf
strncpy
printf
atoi
_snprintf
strrchr
__p___argv
__p___argc
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

Exports

Exports

AutoDel
Port
dllName
szIP
vPasswd

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ