5e437940f6b3f1716b613b06801d2c01_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e437940f6b3f1716b613b06801d2c01_JaffaCakes118
Size

391KB
MD5

5e437940f6b3f1716b613b06801d2c01
SHA1

6577a38c11c478dcaed76ae75f4fdbbc6b37486a
SHA256

317b6e0b11cd3414d06227c1fc4680fff098126840ad84f9bbaeaab02e3a360b
SHA512

8d8920740c1786eb8bba6c0dc298c68ff3b31bef6c1685b4df09b6383ee7ca1b2f4d740721ac7b6e1f94a6e11f0c402c8bb36b6ab4be3b9e65c070fb60823bd4
SSDEEP

12288:72ZyRMmfHEAJLjpFv6w2K/PkFtlVMHFWg1EOfoMzCc3Sa0n:qZyRMmfkAJLjpFvN/ytkjEOfoMWN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e437940f6b3f1716b613b06801d2c01_JaffaCakes118

Files

5e437940f6b3f1716b613b06801d2c01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

626066623f743a589f480ae1e0a752bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
InitializeCriticalSection
TlsGetValue
LoadLibraryW
LocalFree
GetEnvironmentVariableW
IsBadStringPtrW
HeapCreate
lstrlenW
CreateEventW
GetFileTime
ReleaseMutex
GetCurrentThreadId
GetPrivateProfileStringA
GlobalFlags
FindClose
FindAtomA
GetDriveTypeA
WriteFile
ReleaseMutex

user32

GetClientRect
DispatchMessageA
GetClassInfoA
GetSysColor
DrawTextA
GetSysColor
DrawStateW
CallWindowProcW
CreateWindowExA
EndDialog
GetKeyboardType
IsWindow
SetFocus

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ