00f5da8b1b4539508a418bda650f68b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00f5da8b1b4539508a418bda650f68b0_JaffaCakes118
Size

104KB
MD5

00f5da8b1b4539508a418bda650f68b0
SHA1

d9bc9078852928918550eaedae7a2c4b85149a7c
SHA256

5ce9dcd9d5d37e50f21dc074ac677ec1c75f0d28f05ab9f3d1e3ad07f6e65b1d
SHA512

18fb8bc085aec344ce1ca04824773115f30b9ef13f8de3d17b92ff0584a212f394a02b8c2e4b67542b5abd2d3c3b63a83cb6470a19761165a42852150d2686cf
SSDEEP

384:d77pYjvY6XtpoqG+vcmf3dmG76m0S7zIRUjvY6XtpoPziq7HDefCRdpSQXtP0PhJ:eh7XGicm3X1jnUOh72+JStPOhKby

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f5da8b1b4539508a418bda650f68b0_JaffaCakes118

Files

00f5da8b1b4539508a418bda650f68b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c39b66e6fba1d4c0e922f13b81d96b90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

klipopga.pdb

Imports

kernel32

GetFullPathNameA
SetFileAttributesW
SetLastError
WriteFile
InterlockedExchange
GetCurrentProcess
HeapCreate
CopyFileA
CreateEventA
GetTimeFormatA
GetDiskFreeSpaceA
InterlockedDecrement
WriteProcessMemory
GetCurrentThreadId
GetComputerNameA
IsValidLocale
GetAtomNameA
FoldStringW
GetCurrentDirectoryA
SleepEx
LoadLibraryA
GetDateFormatW
CreateDirectoryA

upnphost

DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
ServiceMain

ctl3d32

Ctl3dEnabled
Ctl3dRegister
Ctl3dUnregister

dbnmpntw

ConnectionRead
ConnectionVer
ConnectionClose
ConnectionError
ConnectionWrite

user32

DrawIcon
CreateWindowExW
SetCursorPos
GetWindowTextA
DialogBoxParamW
LoadImageW
wsprintfA
IsWindow
IsCharLowerA
DispatchMessageA
ShowWindow
PeekMessageA
CharToOemA
SetFocus
GetMessageA
GetCaretPos

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ