5d800fcb93a1a58948ed4c6e53e983a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d800fcb93a1a58948ed4c6e53e983a3_JaffaCakes118
Size

31KB
MD5

5d800fcb93a1a58948ed4c6e53e983a3
SHA1

7b8f2cec83fe19d586b010ee80ab39888d8f5ec9
SHA256

2ea3cb052ce5518fc9a0b75a8445505f81855e6cdead6995fd19baef4ebce91f
SHA512

1ec10550fda05d92eab88b176e54d069a5759bbf0f0128899e02b4bc9961ef0f1b714dbd323fbdb377864ec368bd2aad8bd39463acdae47c1764c33b0320f230
SSDEEP

384:1uIZWoOu3QkX9l5B34nxxTwYCyrQ8W1WD2bwwm6tvPCuhzMRghHUjzYMWBRiWNfZ:kY3bOAQBWlPhzqnY1RzlMlR/bHrv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d800fcb93a1a58948ed4c6e53e983a3_JaffaCakes118

Files

5d800fcb93a1a58948ed4c6e53e983a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

395fad431f327f0a2813ca0b68822a1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CloseHandle
FileTimeToSystemTime
GetFileTime
CreateFileA
GetSystemTime
IsBadWritePtr
VirtualAlloc
VirtualProtect
VirtualFree
lstrcmpiA
CreateThread
ReadFile
GetFileSize
Sleep
WriteFile
DeleteFileA
SetFilePointer
HeapFree
LocalReAlloc
FreeLibrary
LocalAlloc
GlobalFree
_lwrite
_lcreat
GetVersionExA
GlobalAlloc
_lclose
_lread
_lopen
CopyFileA
MoveFileA
GlobalReAlloc
GetLastError
ExitProcess
GetVersion
GetSystemDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
lstrcpyA
lstrcpynA
lstrcatA
GetProcAddress
lstrlenW
WideCharToMultiByte
lstrcmpA
IsBadReadPtr
ExitThread
lstrlenA
LocalSize
HeapReAlloc
LocalFree
GetModuleHandleA

user32

GetWindowTextA
FindWindowExA
wsprintfA
GetActiveWindow

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

memset
_ultoa
strtoul
strstr
strtod
memcpy

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ