5ef8b098b1e914b14904e4385c94c5f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ef8b098b1e914b14904e4385c94c5f9_JaffaCakes118
Size

192KB
MD5

5ef8b098b1e914b14904e4385c94c5f9
SHA1

35dfe4a77e447d03d3a6d273a84297a4c9d85ce2
SHA256

15661ac358ad5905d0e7056e5e0c91e19152bad7e163dfe4a94d55d459415084
SHA512

89c88bb3498eefbddee18a98a2aa6e45e0c48af949be7fa25cae39b0ec23021315e8a380b9d372b456748d9b485278f0734c09d3f9f59b657eff625be393dc40
SSDEEP

3072:+k+EFhy8B4yl0XrId+DhIaIEgPjFbAp0UmkcvlVapJxPrWCwJnTM0YGiAmxIf96v:5lFM8yi0r9IaIEghMpckAlcMCyotyzfU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ef8b098b1e914b14904e4385c94c5f9_JaffaCakes118

Files

5ef8b098b1e914b14904e4385c94c5f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65f1779b686361b65fa2914474ac66e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\duukEjqePX\tebjnMurqSN\hdpqDVVttABxsx\tkHZOlVN.pdb

Imports

kernel32

SetCurrentDirectoryA
EnumResourceTypesA
GetFileInformationByHandle
FlushFileBuffers
WaitForSingleObjectEx
EnumSystemLocalesA
HeapAlloc

shlwapi

PathUnquoteSpacesW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

GetForegroundWindow
MessageBoxW
KillTimer
CheckRadioButton

ntdll

RtlCaptureContext

Exports

Exports

?InsertCustomData@@YGKXZ

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ