f2370c859020751eb7b364bf372392e5_JaffaCakes118 | Triage

Sharing

General

Target

f2370c859020751eb7b364bf372392e5_JaffaCakes118
Size

404KB
MD5

f2370c859020751eb7b364bf372392e5
SHA1

c0f50e974af1ff5bbc97bac0b0074a4530f0a61f
SHA256

2ca654de2b95cea6f3276a88163a7abf18539a5bc5897185303c732bcaa8e37e
SHA512

2a50da8f030e988979231f468e99ca6c52bd062c96aceed50a11a4a2751cdfe5b9dd4ee6e7cdf53a0437741eec0d9bc8c205733f0b58fef63593552116c37f58
SSDEEP

6144:Vaph5A/XOrhCLC8HaN5Npl0rQwvt1Gtq6wXJqfOZNaYfQqQla/o:VAM/+roLYerf/GtiX3aAWJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2370c859020751eb7b364bf372392e5_JaffaCakes118

Files

f2370c859020751eb7b364bf372392e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

778ded6e9d2c9b12e49eeec2a28c9bda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
QueryPerformanceCounter
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
LoadLibraryA
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
VirtualLock
RtlUnwind
ExitProcess
InterlockedExchange

advapi32

InitializeSecurityDescriptor
RegSetValueExA
CreateServiceW
LookupAccountSidA
CryptSetProviderW
RegEnumKeyExA
RegSetValueW
RegConnectRegistryW
CryptReleaseContext
CryptGenKey
CryptEnumProviderTypesA
CryptDestroyKey
RegConnectRegistryA
StartServiceW
CryptGetHashParam
CryptContextAddRef
AbortSystemShutdownA
CryptSetKeyParam
RegOpenKeyExW

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ