ebe43958b1fc0d6cdb9299350c902fc2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebe43958b1fc0d6cdb9299350c902fc2_JaffaCakes118
Size

333KB
MD5

ebe43958b1fc0d6cdb9299350c902fc2
SHA1

2ea502bd1a6ac5622a8f5761594d501f00ad6c7f
SHA256

00d3a74d2fb4f2b40bb62395ec6fdab9d1ac3b494d3bd109e7a9747611e5ef9a
SHA512

4aceac8f2f3771f2b33051f80a3b8f6d8c9723b9853220159c561f60493d10dc1d72fc0edc1fa0ceb90db915525b6c887d431bb3b30231fd7461915a14d38b3c
SSDEEP

6144:/yIW4JMsvY8nHmKGuRvvFuSJvbWjw960RDvbjJD2VJq4r+G:aMJMGmVuRvdnJvbWjw9601bqBf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebe43958b1fc0d6cdb9299350c902fc2_JaffaCakes118

Files

ebe43958b1fc0d6cdb9299350c902fc2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b2f92e151b604a0c59c20b7089df0ea2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
GetDiskFreeSpaceA
ResumeThread
DeleteCriticalSection
CreateHardLinkA
HeapDestroy
GetLastError
SearchPathA
GetThreadLocale
VirtualProtect
GetStartupInfoA
ReleaseMutex
GetTickCount
ExitProcess
GetModuleHandleA
CloseHandle
SetEvent
Sleep
TlsGetValue
lstrcmpiA

advapi32

FreeSid
CloseTrace
LsaFreeMemory
IsValidSid
RegEnumKeyExA
GetFileSecurityA
LsaSetSecret
OpenEventLogA
RegCreateKeyExA
CloseEventLog
LsaClose
AccessCheck
RegCloseKey
RegLoadKeyA

cfgmgr32

CM_Delete_Range
CM_Add_Range
CM_First_Range
CM_Add_IDA
CM_Get_Child

shell32

DragQueryFileA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ