45e8db59cf5af6d4cd4df143e45f4960_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45e8db59cf5af6d4cd4df143e45f4960_JaffaCakes118
Size

79KB
MD5

45e8db59cf5af6d4cd4df143e45f4960
SHA1

d1df9c0ab342c5e9176e5c517dafc7fdd685f257
SHA256

5e379732f23ef338531c4acfd79925c092f673a16e51c3eaf15abda3416888fa
SHA512

07cf4826f94a6f6df0813bb4f1968fc6b0f9df0de05855ae3e1ed3872eecc7097050257a8b9da66eb3b9b043811653f8cf61ac203d1a8b032f8b63aa4458c2bd
SSDEEP

1536:cSwjxUpIKKdsHxjqxZA1v8f3/bffvOLDacruGT8oF3X1Vp0Whs8QiyN:MapqpDHWuGTlF3lb0gsri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45e8db59cf5af6d4cd4df143e45f4960_JaffaCakes118

Files

45e8db59cf5af6d4cd4df143e45f4960_JaffaCakes118
.exe windows:5 windows x86 arch:x86

487d73ea696b04ecd3302ac3f1d26f3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
lstrlenW
HeapDestroy
GetLocaleInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetCommandLineW
TlsGetValue
ExitProcess
HeapReAlloc
GlobalAlloc
ReleaseMutex
InterlockedCompareExchange
GetFileAttributesA
MultiByteToWideChar
LoadResource
GetCurrentThreadId
LoadLibraryA
FindResourceExW
ExpandEnvironmentStringsW
GetWindowsDirectoryA
CreateProcessW
WaitForMultipleObjects
GetFileTime
VirtualAlloc
VirtualFree
GetDiskFreeSpaceA

msvcrt

__setusermatherr
_amsg_exit
memmove
_lock

user32

GetDlgItem
GetWindowLongW
GetWindowLongA

advapi32

QueryServiceStatus
RegDeleteKeyW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ