f824faab189fce25a2903f1aadb60f2b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f824faab189fce25a2903f1aadb60f2b_JaffaCakes118
Size

14KB
MD5

f824faab189fce25a2903f1aadb60f2b
SHA1

ec3d75d7ce25f21f1193ca8683029b16c58e918e
SHA256

a477b96c25e33a92dc46a5d3ff0ee44d7d530c5fef623fcdb428f6e2c93b9751
SHA512

a25b07e4f6950947b0550804fe1dbae678b6577e288e4795b7543d6dddc83684d87fa6faa17bf6207035e844210ec152f4e9da159a0c004f7722d661cb56e150
SSDEEP

96:+YQHOuTkKzXBnlF0nuqWZtsr35aBPGjz/H5W5oS/z974SwTsk6JTQFs0kfsxv:+YQHOuoKDtfZGFxf85hr974SwATtpf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f824faab189fce25a2903f1aadb60f2b_JaffaCakes118

Files

f824faab189fce25a2903f1aadb60f2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d88531003a3654b82b3e532b287d4b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BackupRead
EnumResourceLanguagesW
ExitProcess
FindClose
GetProcAddress
GetTapeParameters
GetTempPathW
GetThreadContext
GetThreadLocale
IsDBCSLeadByteEx
SetErrorMode
SetVolumeLabelW
VirtualAllocEx

advapi32

AbortSystemShutdownW
AllocateAndInitializeSid
CryptDecrypt
CryptExportKey
CryptSetProviderExA
GetNamedSecurityInfoExW
GetSecurityInfoExA
ImpersonateSelf
SetSecurityDescriptorSacl

user32

CharToOemBuffW
CreateMenu
DefMDIChildProcA
DestroyCursor
DrawCaption
GetProcessWindowStation
GetWindowPlacement
OpenDesktopA
SendNotifyMessageW
SetForegroundWindow
SetWinEventHook
TranslateAcceleratorA

Sections

.text
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ