f78bc7e454d72dc195b641d1b623e634_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f78bc7e454d72dc195b641d1b623e634_JaffaCakes118
Size

14KB
MD5

f78bc7e454d72dc195b641d1b623e634
SHA1

78effe1527119f46b12ff244d8d51d67fb288cdf
SHA256

c6d02f3dd1ce60c557b1b5c4b19bc0b4d3f058edadd89dd650eb90ed5754c361
SHA512

c7a6a69a8959ac0317ca05b6f3418ba667bf0437754730d2bfa22c50a416c727bf3c8c37fbd63f6396e497385b1c44a4bc2bd87198e7f339b3d07d3125e726ed
SSDEEP

192:Nykb5k30HvBszRlWyYA6wYVOAY2FiLixql9d+tDv2N:taCw6yYA6OsUe0l9d+tDv2N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f78bc7e454d72dc195b641d1b623e634_JaffaCakes118

Files

f78bc7e454d72dc195b641d1b623e634_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8d2ac80f3ffb05ca2ad49eb40f4b513e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
IsBadStringPtrA
LocalFree
OpenFileMappingA
QueryDosDeviceA
SetProcessAffinityMask
TlsAlloc
VirtualQueryEx
_hwrite

advapi32

BuildImpersonateExplicitAccessWithNameA
GetAclInformation
GetSecurityDescriptorGroup
InitiateSystemShutdownW
MapGenericMask
OpenServiceA
RegNotifyChangeKeyValue
RegUnLoadKeyW
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityInfoExW

user32

CreateIcon
EnumDisplaySettingsExW
EnumPropsExW
GetClassLongA
GetDlgItemTextW
GetScrollRange
GetUserObjectInformationW
MoveWindow
OemToCharBuffW
SetMessageExtraInfo
SetShellWindow
TabbedTextOutA
TranslateAcceleratorW

shell32

Control_FillCache_RunDLLA
DuplicateIcon
ExtractAssociatedIconA
SHBrowseForFolderA
SHEmptyRecycleBinW
SHGetDiskFreeSpaceA
SHGetFileInfo
SHInvokePrinterCommandA
SheChangeDirExA
SheChangeDirW
SheGetDirExW
SheRemoveQuotesA
SheShortenPathA

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE