fea0e24a0f3df5ae47e68c459ea56115_JaffaCakes118 | Triage

Sharing

General

Target

fea0e24a0f3df5ae47e68c459ea56115_JaffaCakes118
Size

166KB
MD5

fea0e24a0f3df5ae47e68c459ea56115
SHA1

0a9a204d0f468a4de3d129c47eacc1bc86fc2bbd
SHA256

e01f66fe71a6db5611018eb9d6623b2081d164e39274f3f5b5e6e3bbfb8c35a0
SHA512

8d7a3d8407f89acec5931e71c1d75daa56e35bc58909c5e661f4b7ea73bbde1000be4853bbc6e420fc32ab995babab26c9b73385a9ae2427cda4ded379a83020
SSDEEP

3072:QgpJizdAPOa7zWq8LOO/izdAPOa7zWq8LOO:Q3zdnabzzdnab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fea0e24a0f3df5ae47e68c459ea56115_JaffaCakes118

Files

fea0e24a0f3df5ae47e68c459ea56115_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fc3a44c0c5ceea2e25d8cb6d3c32442e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ReleaseMutex
GetCalendarInfoA
ExitProcess
Sleep
FindVolumeClose
GetTickCount
TlsGetValue
GetDiskFreeSpaceA
FindClose
FindAtomA
CloseHandle
SetEvent
FindResourceExA
GetModuleHandleA
SearchPathA
DeleteCriticalSection
lstrlenA
GetLastError
VirtualProtect

advapi32

RegEnumKeyExA
LsaSetSecret
RegCreateKeyExA
CloseEventLog
OpenEventLogA
AccessCheck
IsValidSid
CloseTrace
RegLoadKeyA
GetFileSecurityA
RegCloseKey
FreeSid
LsaFreeMemory
LsaClose
RegCloseKey

msdtcuiu

DtcPerfCollect
DllGetClassObject
DtcPerfClose
DtcPerfOpen
DllRegisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE