5ecc9dec6a240a91afa9065ceed92441_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ecc9dec6a240a91afa9065ceed92441_JaffaCakes118
Size

636KB
MD5

5ecc9dec6a240a91afa9065ceed92441
SHA1

42e52ecb339143632f72abf4401b110021beafb5
SHA256

7166f0cbf602b9a163e6f8175c44850fc971737e3ac262068b48f8b04993c8dc
SHA512

d24eff6e153b6de36cf5f3b82be3fddaf55f3206ea7d3dc8d700823f1460e97a47b6fa251a54e6011d4f8786dc3387a7c7f05ae08d475298ca61a7e5312badf0
SSDEEP

12288:Gdh9mB+K/g9xb9B5YqIizD9NT/BbgyyEFf5/knBUetEmh8i8yxwvSK4tFa96s:Y9mB+D7bj5rIitNbBTfayOtwvb4tFFs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ecc9dec6a240a91afa9065ceed92441_JaffaCakes118

Files

5ecc9dec6a240a91afa9065ceed92441_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef4e0c9c341ac91a3369c6d795af3beb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetLogicalDrives
CreateIoCompletionPort
GetCurrentProcessId
HeapCreate
GetTapeStatus
GetCurrentThread
IsDebuggerPresent
WaitForSingleObject
GetStdHandle
HeapQueryInformation
GetProcessVersion
GetProcessHeap
VirtualProtect
HeapDestroy
GlobalMemoryStatus
GetTimeFormatA
GetACP
InterlockedExchange
LoadLibraryExA
GetEnvironmentStringsA

user32

BeginPaint
GetFocus
DrawTextA
ReleaseDC
FillRect
GetClassNameA
GetWindowTextLengthA
GetTitleBarInfo
DragDetect
SetActiveWindow
GetWindow
GetParent
GetCursorPos
ShowWindow
FrameRect
wsprintfA
EndPaint
SetForegroundWindow
GetDlgItem

advapi32

RegEnumKeyA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegFlushKey

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ