95f9e4587e271eb4f66fc495cda47ade_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95f9e4587e271eb4f66fc495cda47ade_JaffaCakes118
Size

37KB
MD5

95f9e4587e271eb4f66fc495cda47ade
SHA1

7f54a9a18cb09cb09ec078c400f2237caa004aa2
SHA256

40cf295962c4ccda96fa0e1ac09e64e5d642c2ccf84cef32c9d4c86ec5970828
SHA512

a1b68dbe334997f6957ed8763aa630da23679c50ff6ae4c462cddc1ff93a957bdb625f56832fa2270f705b61e4936f56b755f41ac998be7cd01e32db85f4fb5c
SSDEEP

768:HlIF37WSlDiCSSDaXdF+jCSSDaXdF+JCSSDaXdF+H:Fyl/SY+AWSY+AQSY+AH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95f9e4587e271eb4f66fc495cda47ade_JaffaCakes118

Files

95f9e4587e271eb4f66fc495cda47ade_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d5f560c139e43a88531852b0734eb2e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
strtok
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_c_exit

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

kernel32

GetLastError
lstrcmpiA
GetModuleHandleA
GetStartupInfoA
GetVersionExA
GetCurrentProcess
CloseHandle
SleepEx
CreateMutexA

gdi32

GetStockObject

user32

SetForegroundWindow
LockSetForegroundWindow
MessageBoxA
CreateDialogParamA
GetDlgItem
SendMessageA
ShowWindow
DestroyWindow
ExitWindowsEx
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
DefWindowProcA
PostQuitMessage

comctl32

ord17

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ