fb59813f6b97b1315171fe7f1bef1557_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb59813f6b97b1315171fe7f1bef1557_JaffaCakes118
Size

369KB
MD5

fb59813f6b97b1315171fe7f1bef1557
SHA1

0633dfddfc15bcd446c81eabeb98681517280448
SHA256

8471f60b212db18a1a15451e2cb7a8b952ee982ce913a2d1c522a03cb8e62201
SHA512

c1123ceb63c503e623c368103b070af40ff11c7e53378e9cba3a5f98615ff9faefda35a5bb457ee42e4d4d59695899929cbcf3aa1a0e9b303cbc63b9fdd332dc
SSDEEP

6144:Xyn6WdPvJQC0GZfYZsHUOZtPHmB1YCG9QRJkWamyAL+XN4vDBquV6YgZK3gYCrbG:Xy1d3JQC0GZfYZsHUiJw1YCmAJ5am97R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb59813f6b97b1315171fe7f1bef1557_JaffaCakes118

Files

fb59813f6b97b1315171fe7f1bef1557_JaffaCakes118
.exe windows:4 windows x86 arch:x86

69830e86a920fdaf6eb24f6e5ad7acc2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
LoadLibraryA
RemoveDirectoryA
RtlUnwind
WritePrivateProfileStringA
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
LocalSize
HeapReAlloc
HeapAlloc
HeapCreate
GetSystemTimeAsFileTime
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
GetTickCount

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExW
RegCreateKeyA
CryptEnumProviderTypesW
RegConnectRegistryW
RegConnectRegistryA
CryptEnumProvidersA
CryptSetKeyParam
LookupPrivilegeNameW
InitializeSecurityDescriptor
CryptEnumProviderTypesA
RegQueryMultipleValuesA
CryptHashData
CryptGetDefaultProviderW
RegEnumKeyW
CreateServiceW
CryptImportKey
CreateServiceA
CryptHashSessionKey
RegEnumValueA
StartServiceA
RegDeleteValueW
CryptEncrypt

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ