64ab8e0c18b17d00129432d318eebd58_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64ab8e0c18b17d00129432d318eebd58_JaffaCakes118
Size

44KB
MD5

64ab8e0c18b17d00129432d318eebd58
SHA1

0a0286da65feb0efea465326db1a649f3dcd3062
SHA256

b715007199c4408addd967c1e43d49c4c0bcb101e6a1110b0dd46986a7df2378
SHA512

43f436318b6338ce60a471d4925d838b1ec4e493cb829fb723ef3a1fef115a779c2214a94a8c65290f28575175f9086c2dad14e0d62225637f096f0fc30959ce
SSDEEP

768:d0BVX+rAA76sP8UFkrZ8veltN0noKZ4Wm:ezXGA5sP8U+rZ8GioKZnm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64ab8e0c18b17d00129432d318eebd58_JaffaCakes118

Files

64ab8e0c18b17d00129432d318eebd58_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

d546f3f42c80146542ff984b8b2d3539

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrcmpiA
lstrcpyA
WritePrivateProfileStringA
GetFileAttributesA
LoadLibraryA
lstrcatA
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
CloseHandle
WriteFile
CreateFileA
GetProcAddress
lstrlenA
ExitProcess
DeleteFileA
GetCurrentProcess
GetShortPathNameA
GetCommandLineA
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateThread
FreeLibrary
CreateDirectoryA
MoveFileExA
GetSystemDirectoryA
GetTickCount

user32

EmptyClipboard
OpenClipboard
IsWindow
CloseClipboard
GetForegroundWindow
keybd_event
VkKeyScanA
GetClassNameA
GetWindowTextA
GetWindowLongA
MessageBoxA
SetClipboardData
wsprintfA

advapi32

OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
sprintf
??2@YAPAXI@Z
srand
rand
_strlwr

netapi32

Netbios

ws2_32

htons
inet_addr
closesocket
socket
WSAStartup
WSACleanup
gethostbyname
gethostname
connect

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE