b1613f796d599237fb1d5949061f074d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1613f796d599237fb1d5949061f074d_JaffaCakes118
Size

44KB
MD5

b1613f796d599237fb1d5949061f074d
SHA1

27b7d64ffd94f0d89e86414841ef1fd1ffbd1f8c
SHA256

9a3cddf2d70a2144772a445238c6b271face948ee0da813432eb6fe4ba471255
SHA512

dba67c98a3a62658c12dfed81b4c77acb57c18b4cb5c306583faaa4240d8ea19d8bdd94e5e62cebf9a700cd4b3e9a6a1e7deae210cf3995124473c365eabc7c3
SSDEEP

768:LkBVNjxAA7/o8UFkrZ8veltN01lSAZ4Wq:4zN1A0o8U+rZ8GwljZnq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1613f796d599237fb1d5949061f074d_JaffaCakes118

Files

b1613f796d599237fb1d5949061f074d_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

d546f3f42c80146542ff984b8b2d3539

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrcmpiA
lstrcpyA
WritePrivateProfileStringA
GetFileAttributesA
LoadLibraryA
lstrcatA
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
CloseHandle
WriteFile
CreateFileA
GetProcAddress
lstrlenA
ExitProcess
DeleteFileA
GetCurrentProcess
GetShortPathNameA
GetCommandLineA
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateThread
FreeLibrary
CreateDirectoryA
MoveFileExA
GetSystemDirectoryA
GetTickCount

user32

EmptyClipboard
OpenClipboard
IsWindow
CloseClipboard
GetForegroundWindow
keybd_event
VkKeyScanA
GetClassNameA
GetWindowTextA
GetWindowLongA
MessageBoxA
SetClipboardData
wsprintfA

advapi32

OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
sprintf
??2@YAPAXI@Z
srand
rand
_strlwr

netapi32

Netbios

ws2_32

htons
inet_addr
closesocket
socket
WSAStartup
WSACleanup
gethostbyname
gethostname
connect

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE