f59f8760720f31337d98e3899e4558dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f59f8760720f31337d98e3899e4558dc_JaffaCakes118
Size

314KB
MD5

f59f8760720f31337d98e3899e4558dc
SHA1

4e0c5dc9e01af3150c0964ba6ad7e74ca29d6e10
SHA256

58116df1a1ccf018515dc1d57917852a0bf50a65cbff67655d013afc8b54ec1c
SHA512

56626828c06690588554f4dac125dbcc2a48243091e8c4952f6cb8d55d724f4d9dcf66fb1070586c5ef2f081814791bf34bf78286df0cb05ee5a4c9c8efe0cca
SSDEEP

6144:VYXA3h/cFsWvXRfFnkkwXFWXnDNkGk3G8vso5gWwCxpgLzDHaYd6eoDDBVR0:7EsWvXRtVa6RIW8k5WwkTYd6eMBVy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f59f8760720f31337d98e3899e4558dc_JaffaCakes118

Files

f59f8760720f31337d98e3899e4558dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f13c25b8c88395c444c0d69e97b7857b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
TlsSetValue
GetTimeZoneInformation
OutputDebugStringA
GetStringTypeA
GetStringTypeW
EnumSystemLanguageGroupsW
IsValidCodePage
DebugBreak
LCMapStringW
GetLocaleInfoA
LCMapStringA
WriteConsoleW
CompareFileTime
OutputDebugStringW
GetCPInfo

winmm

sndPlaySoundA

shell32

SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW

oledlg

OleUIBusyW

advapi32

GetUserNameA
GetSecurityDescriptorLength
DuplicateTokenEx
QueryServiceStatus
AddAce
LookupAccountSidA
IsValidSecurityDescriptor
InitializeSecurityDescriptor
PrivilegeCheck
SetSecurityDescriptorOwner
RegOpenKeyExW

oleacc

CreateStdAccessibleObject
ObjectFromLresult

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ