Static task
static1
Behavioral task
behavioral1
Sample
db90e5c154dfb13ac5199eea3a196eed_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
db90e5c154dfb13ac5199eea3a196eed_JaffaCakes118
Size
211KB
MD5
db90e5c154dfb13ac5199eea3a196eed
SHA1
4dff23634d464e2ce72072fc0a168187c5bf3e32
SHA256
ddd4d0559ef1b91881ba9c571649444560fec188c0fe7afeb6fd880bddad8509
SHA512
5456b1822cec3b09d9e6a107599264c1e3945cf623f51498cd8e1b3b513ee54dc60352c4268f9e2a751f97d1de4bbb7e3661cc5f01916185c68c52a5e569d79d
SSDEEP
6144:YmZ0gtad52Ht5KB3s81juvl/sqffdMzkQYM7IQ:0gast5K5/olTffSBIQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource db90e5c154dfb13ac5199eea3a196eed_JaffaCakes118
Files
db90e5c154dfb13ac5199eea3a196eed_JaffaCakes118.exe windows:5 windows x86 arch:x86
a7f576aa0c2d9dee9fa6e3e21e135658
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
LocalAlloc
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetFileSize
lstrcpyA
GetCurrentDirectoryA
GetSystemDirectoryA
GetCurrentProcess
FreeLibrary
lstrcatA
CreateFileA
CloseHandle
Sleep
lstrlenA
IsProcessorFeaturePresent
user32
MessageBoxA
advapi32
RegOpenKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA
Sections
.lsT641 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 197KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ