f544ba104d16e327c6e7bd98c1724e79_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f544ba104d16e327c6e7bd98c1724e79_JaffaCakes118
Size

51KB
MD5

f544ba104d16e327c6e7bd98c1724e79
SHA1

05773746a8f57ddc3f56a2803a6aed0163356ddf
SHA256

6cb14e5c44d9f185da9d3cb923b72681d18fcf8d13ddf72780868784adfc2dab
SHA512

04879f6f0f6d19d8452f58fa95a3c7916bdf260e287b0212bac0efefe287bb02cf525a2c1033f5272acfbeab7a8120510c6448eebb32157548bbf78378843d09
SSDEEP

1536:yuUOyv3hlvhLjJjf4Vugxq6ahC6NN+sulAShiG:yROyv3r5NQVugxdc1IflRht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f544ba104d16e327c6e7bd98c1724e79_JaffaCakes118

Files

f544ba104d16e327c6e7bd98c1724e79_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d63ecc75e0047a21065481e4b999702b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
QueryServiceConfigA
GetSidSubAuthority
MapGenericMask
RegConnectRegistryA
RegOpenKeyExA
ControlService
LookupPrivilegeValueW
SetKernelObjectSecurity

user32

SetWindowPos
PostQuitMessage
CreateWindowExA
EndDeferWindowPos
SystemParametersInfoA
InflateRect
InvalidateRect
IsZoomed

msvcrt

_vsnwprintf
_wcsicmp
strncat
free
_isctype
iswctype
_ltow
_beginthread

gdi32

Ellipse
SetTextColor
DeleteObject
CreateRectRgn
Rectangle
RestoreDC
SetTextAlign
GetTextMetricsA
LineTo

kernel32

LCMapStringW
SetEvent
EnumSystemLocalesA
lstrcatA
GetUserDefaultLCID
ReadFile
GetEnvironmentStringsW
GetSystemTimeAsFileTime
TlsAlloc
GetLocaleInfoW
GetStdHandle
RtlUnwind
GetExitCodeThread
OpenProcess
QueryPerformanceCounter
GetFileAttributesA

ole32

CoTaskMemFree
CoDosDateTimeToFileTime
CoTreatAsClass
CoResumeClassObjects
CoGetPSClsid
CoDisconnectObject
CoUnmarshalHresult

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ