d5593a3367a2a9b606c3aee8ec2cde69_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5593a3367a2a9b606c3aee8ec2cde69_JaffaCakes118
Size

806KB
MD5

d5593a3367a2a9b606c3aee8ec2cde69
SHA1

bf38eaedf8f0ac665523f750d11fd046dea296b3
SHA256

11c4b47892edadaa528328faacce4b8a8617f3418901dd7a68598ef02f0c693d
SHA512

b805ef99e69d67a873c06daa27355bd080a202a04c53f47c76b5af72d8c645778f4f674701256adca8ce7a4d80c2eef67c4b77a0da5a960d259ddbed9528ffc5
SSDEEP

12288:KALCTL2xrGH5kuG9KRkQHD3c/4oMYcmqWA0zFVIzbt7h4zbOVVm546i8jQslmGCq:tsG/AH7g4oMY8WA0ZVIdj/m545iluCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5593a3367a2a9b606c3aee8ec2cde69_JaffaCakes118

Files

d5593a3367a2a9b606c3aee8ec2cde69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86f42dc7d8a3c431d91c5ff1bd08faa3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
GlobalFree
VirtualAlloc
FindVolumeClose
GetModuleHandleW
CreateThread
ResetEvent
GetDriveTypeW
CloseHandle
ResumeThread
WriteFile
GetPrivateProfileIntW
LocalFree
lstrlenA
GetMailslotInfo
InterlockedExchange
GetACP
LocalSize
GetExitCodeProcess
GetEnvironmentVariableA

user32

IsWindow
EndDialog
GetCursorInfo
GetClassInfoA
GetClientRect
DrawStateW
GetSysColor
GetSysColor
GetKeyboardType
SetFocus
CreateWindowExA
DispatchMessageA
CallWindowProcW

qedit

DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllGetClassObject

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 797KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ