JaffaCakes118_5dd36b82638e15936007cf495f55d620 | Triage

Sharing

General

Target

JaffaCakes118_5dd36b82638e15936007cf495f55d620
Size

13.0MB
MD5

5dd36b82638e15936007cf495f55d620
SHA1

3ba72b0f6aeee447d6eda839b20bc30c0dd80f33
SHA256

2896824b730913854e31b41bc3a6df606d85792c03d6b435e73ed8022a7887e7
SHA512

038823445ccc70984e921647ce555a3bc9521aefc4aceae5425a5dff96b780079a74055011f3261d45fbfe22159366c88c4309c2f515beba6866bbadb51ba397
SSDEEP

3072:LwGatcHwtl+h5fYdC7azLpUb2Y5G3wtl+h5fYdC7HIQDrwtR:kGUcHwtls5KCu49I3wtls5KCUQDrwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5dd36b82638e15936007cf495f55d620

Files

JaffaCakes118_5dd36b82638e15936007cf495f55d620
.exe windows:5 windows x86 arch:x86

92eb0d81e3e0a5c3867f886cba349fa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbnmpntw

ConnectionVer
ConnectionError
ConnectionClose

user32

wsprintfW
MessageBoxW
PostMessageA
IsDialogMessageA
MessageBoxExW
GetActiveWindow
GetDlgItemTextA
FindWindowW
CreateWindowExA
GetClassLongA
LoadCursorA
CharToOemA
InsertMenuA

mprapi

MprAdminConnectionEnum
MprInfoBlockFind
MprInfoBlockAdd
MprAdminBufferFree

kernel32

TlsGetValue
GetProcAddress
DeleteFileA
GetVersionExA
Sleep
ReadFile
GetFileType
SetFileTime
GetModuleHandleA
GetProcessHeap
LoadLibraryA
GetFileSize
GetStringTypeA
IsBadReadPtr
InitializeCriticalSection
GetProfileSectionW
CreateSemaphoreA
GetCurrentThreadId
FindNextFileA
OpenFileMappingA

certcli

CACloseCA
CADeleteCA

modemui

drvGetDefaultCommConfigA
CountryRunOnce
drvSetDefaultCommConfigA
InvokeControlPanel
drvCommConfigDialogA

Exports

Exports

ServiceHandler

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.gdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 681B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcrs
Size: 12.8MB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ