9435288b14d532c3af767c00343974e4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9435288b14d532c3af767c00343974e4_JaffaCakes118
Size

44KB
MD5

9435288b14d532c3af767c00343974e4
SHA1

363932b96f2cb893917507a9a6a303a5e9c6d105
SHA256

e6e2922132e81ef80204ab442bdc2101866b7b009b14a758f199ff2bfe6efbe6
SHA512

563fac816bd11cedd1085ae723b72b9e9356a2a6f1834c8ab6ac290dd5d82da766d97f070d943145c6eaecb49c2d5817db5ebd9d80a6bc25c602a9fcc1b680f3
SSDEEP

768:OPlBpa6rtAgzK8UFkrZ8veltNgSE2oZ4Wz:6E65Av8U+rZ8GbEHZnz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9435288b14d532c3af767c00343974e4_JaffaCakes118

Files

9435288b14d532c3af767c00343974e4_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

d546f3f42c80146542ff984b8b2d3539

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrcmpiA
lstrcpyA
WritePrivateProfileStringA
GetFileAttributesA
LoadLibraryA
lstrcatA
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
CloseHandle
WriteFile
CreateFileA
GetProcAddress
lstrlenA
ExitProcess
DeleteFileA
GetCurrentProcess
GetShortPathNameA
GetCommandLineA
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateThread
FreeLibrary
CreateDirectoryA
MoveFileExA
GetSystemDirectoryA
GetTickCount

user32

EmptyClipboard
OpenClipboard
IsWindow
CloseClipboard
GetForegroundWindow
keybd_event
VkKeyScanA
GetClassNameA
GetWindowTextA
GetWindowLongA
MessageBoxA
SetClipboardData
wsprintfA

advapi32

OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
sprintf
??2@YAPAXI@Z
srand
rand
_strlwr

netapi32

Netbios

ws2_32

htons
inet_addr
closesocket
socket
WSAStartup
WSACleanup
gethostbyname
gethostname
connect

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE