5e6ff835e2d288816eb94c42e9908f44_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e6ff835e2d288816eb94c42e9908f44_JaffaCakes118
Size

38KB
MD5

5e6ff835e2d288816eb94c42e9908f44
SHA1

18f20c77d8e577e9bc3cd7d2a8414c50b1ba4682
SHA256

7f9cf7a8b4dcd619c0192e653dd34b82ca7e38ce9376c870cf35660f83445b7d
SHA512

9689fe04d609562f17bc162b0500d31e0233673e44bc252e00b1454838264c37d55d6b57d0fd1819cfc89a66a5b619099adef45fba779e1b162ce76bd3f0b509
SSDEEP

768:v5o66iBh959r+Y4K94hqrxDj2S++S8dHXcPt8gbawz:v5o6nj1qmBxuS++txc7bawz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e6ff835e2d288816eb94c42e9908f44_JaffaCakes118

Files

5e6ff835e2d288816eb94c42e9908f44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4874bfab910c27cf712f682976890f9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
CloseHandle
WriteFile
CreateFileA
lstrcatA
lstrcpyA
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
WinExec
GetProcAddress
TerminateProcess
ReadFile
Sleep
CreateProcessA
GetStartupInfoA
CreatePipe
CopyFileA
GetFileSize
FindFirstFileA
SetCurrentDirectoryA
ExitProcess
GetEnvironmentVariableA
GetPrivateProfileIntA
GetPrivateProfileStringA
FindNextFileA
CreateDirectoryA

user32

ShowWindow
PostQuitMessage
DestroyWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
SendMessageA
LoadCursorA
MessageBoxA

shell32

ShellExecuteA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ