084231fb49bcb5bd20ae051fac17bda7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

084231fb49bcb5bd20ae051fac17bda7_JaffaCakes118
Size

800KB
MD5

084231fb49bcb5bd20ae051fac17bda7
SHA1

f30cc9dff29e7b4edf4001d2fbd54bdd23c2c264
SHA256

2133b7e7d119a8d0cabacf0656f79a02151343044d416bf7d50a744f7896277f
SHA512

18780af9cf08129ee7d3bc1c45450948cbec34e00ee1b57b268ee9d6bc3dbb2d061a3abfd4d81286cb28c348f9244877e47f27fd585798664714a3b2a53beb29
SSDEEP

24576:payS+wDnUEq+GXH6Vm2mwC6hvLRXvrQeIO7HKLZyh:paV1UfXaqwzhtTI5Zi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
084231fb49bcb5bd20ae051fac17bda7_JaffaCakes118

Files

084231fb49bcb5bd20ae051fac17bda7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

247f71640918a49ea0f8263bebf34b8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetLastError
GetFileAttributesW
ResumeThread
ClearCommBreak
CreateMutexW
lstrlenA
HeapFree
GetPrivateProfileIntW
GetCurrentThread
VirtualProtectEx
DeviceIoControl
GetPrivateProfileSectionA
CreateEventW
GetProcessHeap
HeapDestroy
TlsGetValue
GetDriveTypeA
GetStringTypeW
DeleteFileA
LoadLibraryW
DeviceIoControl

clbcatq

ComPlusMigrate
SetupOpen
CheckMemoryGates
ComPlusMigrate
CheckMemoryGates
SetSetupSave
SetupOpen
CheckMemoryGates
ComPlusMigrate
SetupOpen
SetSetupSave
DllGetClassObject
DllGetClassObject

pdh

PdhCloseLog
PdhAddCounterA
PdhGetLogFileSize
PdhGetLogFileTypeA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ