5645dfc7368e4d3e7f90bbd61502aadb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5645dfc7368e4d3e7f90bbd61502aadb_JaffaCakes118
Size

100KB
MD5

5645dfc7368e4d3e7f90bbd61502aadb
SHA1

6524f2daa403adfd4e20f4a025caf399eaf483f8
SHA256

f322d67cc77ddb6cbc9bc42bd8a8251ab20233ec6bc4930eb9871a8bbe3bc956
SHA512

142d7ed5d7814e0ea1f051e3f8f88d8a338eb0d1f473f0411c24a4c96edce69cf57d80fde9e0eb11d99a8e80bc0abc1e467f14567e69b96091e71554bc9dcb52
SSDEEP

1536:fvjyuEdBQAucu/LM3aCW80vkEZMyDA5Nrg3vqrB1o5Gh0NHpNW2M20:fvTEUVLMKuFg3vqIkwH5k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5645dfc7368e4d3e7f90bbd61502aadb_JaffaCakes118

Files

5645dfc7368e4d3e7f90bbd61502aadb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

587498a45f95e12480bc366bb1649605

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

IsValidAcl
FreeSid
GetKernelObjectSecurity
CryptGenRandom
AccessCheck

kernel32

GlobalAddAtomW
ClearCommError
CloseHandle
GetNumaNodeProcessorMask
GetFileInformationByHandle
FreeEnvironmentStringsA
OpenProcess
LockFileEx
GetLastError
SetEvent

gdi32

SetWorldTransform
ExtFloodFill
GetDCBrushColor
SetPixelFormat
CheckColorsInGamut
CheckColorsInGamut
SetMapperFlags
GetClipBox
CheckColorsInGamut
ScaleViewportExtEx
GetMetaFileBitsEx
PathToRegion
ScaleWindowExtEx

crypt32

CertGetCertificateChain
CertSetEnhancedKeyUsage

actxprxy

DllRegisterServer

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdzd
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ