ff88bd50bce42a08ddfa486f1e002628_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff88bd50bce42a08ddfa486f1e002628_JaffaCakes118
Size

157KB
MD5

ff88bd50bce42a08ddfa486f1e002628
SHA1

88d5142b8e8dfe20f58a93eae75128341feef514
SHA256

b78aba25014638e0ef8311432aba3607e953981db9a321d22e4a97f090acbf37
SHA512

f64a4fe7b7974ec3af37b1bff637cb33724f23df64018d3b9d95ce4f8a581f426dc327993f773f09342607c519b0bdb72afb336bf0bd0d3eda9bbfec002a219e
SSDEEP

3072:NcZAz+573YhcZmTBrg0NFbjvTo6dFI+SXglZLjQ7SiCwlbycIg46:NcOC3Y/lTzPvFFI9QlZLj0Cwxyg46

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff88bd50bce42a08ddfa486f1e002628_JaffaCakes118

Files

ff88bd50bce42a08ddfa486f1e002628_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10155c15be5c3933837e4dca810c4db4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ExitProcess
GetCommandLineA
GetModuleHandleA
GetVersionExA
HeapAlloc
HeapCreate
MultiByteToWideChar
SetLastError
lstrcmpiA
lstrcpyA

advapi32

AllocateAndInitializeSid
DeleteService
ElfBackupEventLogFileA
GetSidSubAuthority
LsaEnumeratePrivileges
LsaQueryInformationPolicy
NotifyChangeEventLog
OpenProcessToken
RegQueryValueExW
RegSetValueExW

ole32

CoCreateGuid
CoCreateInstance
CreateAntiMoniker
IsEqualGUID
StringFromGUID2
CLSIDFromString

setupapi

SetupRemoveInstallSectionFromDiskSpaceListW

olepro32

OleTranslateColor
OleCreateFontIndirect
OleCreatePropertyFrame
OleLoadPicture

user32

UnregisterHotKey
SystemParametersInfoW

Sections

.text
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE