f15d0aa08f252551225125dd85808570_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f15d0aa08f252551225125dd85808570_JaffaCakes118
Size

60KB
MD5

f15d0aa08f252551225125dd85808570
SHA1

84007c6ac31679edb75eb9949f79f5492b290a91
SHA256

1a2197535b68facab52964c5e31cf4a3c373a68d0e0d45d7d4d477b875721051
SHA512

bd5ce56de8498c0a94360f1dd91d40456541dc92aa08a087b081ca176cfce167ca834443912f4599df778048cbb81d2870417dd386f3ac770f7f47400ccd0cbe
SSDEEP

1536:kJ0WZmtz97d/u0OKL3u3dQw+wz5UtULCNm:kJ04mtBMLQw+w9oULCNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f15d0aa08f252551225125dd85808570_JaffaCakes118

Files

f15d0aa08f252551225125dd85808570_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9719d72d8b037e3128540363930cdc8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CommConfigDialogW
ExitProcess
GetEnvironmentStrings
GetFileTime
GetStartupInfoW
GetStringTypeExA
LCMapStringW
OutputDebugStringW
Toolhelp32ReadProcessMemory

advapi32

BuildTrusteeWithSidW
ChangeServiceConfigW
ConvertSecurityDescriptorToAccessA
CryptSetProviderW
CryptVerifySignatureW
GetServiceKeyNameA
GetUserNameA
InitializeSid
IsValidAcl
OpenEventLogW
PrivilegeCheck
RegQueryInfoKeyW
SetKernelObjectSecurity

gdi32

Arc
CreateFontW
CreateHalftonePalette
CreatePatternBrush
Ellipse
ExtCreateRegion
GetObjectW
PathToRegion
SetColorSpace
UnrealizeObject

Sections

.text
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE