005fe573a4dbcc8d36a823b80c3bd8c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

005fe573a4dbcc8d36a823b80c3bd8c1_JaffaCakes118
Size

149KB
MD5

005fe573a4dbcc8d36a823b80c3bd8c1
SHA1

94241e8d7e092a25691f5c5e15dbcdefc05ece5f
SHA256

af66d5b752fe2f646f467b2b62d8abfb524b774e4111a73192951ed5297831c0
SHA512

9cadf5dd7556090b760d67680200c0e0b4399438648c6ba8a183a33f5207c2cbdc91978c2488b25a891c36f378e7db00006f9d8ffa2622c01596c3bf68d41bec
SSDEEP

3072:Ud7mQ6ZHb0NZsMM9WSpwhIszLl/YMGtUC:w72db0N2M7LhIs2McUC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
005fe573a4dbcc8d36a823b80c3bd8c1_JaffaCakes118

Files

005fe573a4dbcc8d36a823b80c3bd8c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

519842fda8dd4a951cd4b699a4543861

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetDiskFreeSpaceW
ResumeThread
GetCommandLineW
GetSystemTime
GetTickCount
CreateThread
GetComputerNameA
CloseHandle
LocalFree
FindAtomW
GetModuleHandleA
SetEvent
SetLastError
HeapCreate
ResetEvent
lstrcmpiW
LoadLibraryW
ReleaseMutex
CreateFileA

user32

GetClassInfoA
GetClipCursor
DrawStateA
CloseWindow
DispatchMessageA
GetKeyState
FillRect
SetFocus
CreateWindowExA
GetComboBoxInfo
GetDlgItem
DestroyCaret
CallWindowProcA
MessageBoxA

cryptdlg

CertTrustFinalPolicy
DecodeRecipientID
CertTrustCertPolicy
CertConfigureTrustA
CertTrustInit

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qmtbyph
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE