db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118 | Triage

Sharing

General

Target

db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118
Size

10KB
MD5

db5bd72dae2c7eb8d3343a38c717e9cd
SHA1

4877368a753bb81ff811514c4b3bea26434822d9
SHA256

ffa40311160948225c47164e2cf88390ae06c33523562b0f462b78496bf26c1e
SHA512

56af1fa52d18642332026cffbca8875da09f22cce898a17de4e8a65b32718c9606942f97a99ce3dc0ca8c64529728079d95d534707dfcc3f24e810f4c02b559d
SSDEEP

192:AviDQM7FFmfkcjTyCmV+Yh/4QAKYiNcrS1a3BQznhB9Yi1oyn:AbfyCmV+G6UN8S1awCi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118

Files

db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8589c15dffdffac765c905ed31b78c85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3
strncpy
strcat
memset
??3@YAXPAX@Z

mfc42

ord6383
ord5440
ord6394
ord5450
ord3663

kernel32

GetSystemDirectoryA
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
MapViewOfFile
CloseHandle
GetVersionExA
UnmapViewOfFile
SetLocalTime
GetLocalTime
Sleep
SetFileAttributesA
CopyFileA
GetModuleFileNameA
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
WinExec
GetWindowsDirectoryA
VirtualProtectEx
GetCurrentProcess
OpenProcess

user32

FindWindowA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId

advapi32

GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
StartServiceCtrlDispatcherA
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA

shell32

ShellExecuteA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ