2029f933cf3efd312c3588dd780cfee3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2029f933cf3efd312c3588dd780cfee3_JaffaCakes118
Size

799KB
MD5

2029f933cf3efd312c3588dd780cfee3
SHA1

026c45440ec694ffccd93731647922ac538c4541
SHA256

c1d088df3cb656452e30f99adcb2d2e7c8aa7855cf34f69f2a8cc27d550ee6cd
SHA512

0ece58b1251c3a0c916135051756e21fb4aa8e55c5128df736931fe389b4ef97adb8467c9760544cb4cec3828a9658abd01ab87eab254b3294bad08f1b2bb10f
SSDEEP

12288:ZTTZMM7kAY6TvIItOvK+woTkfaHzeGPCLqZk7bocnNg8/1Gm0D3ryucS6kIzid:ZTTb7k4vIItYTkfs367DCrm0Tz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2029f933cf3efd312c3588dd780cfee3_JaffaCakes118

Files

2029f933cf3efd312c3588dd780cfee3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4be22e0bba3c8788ad7a8206b0bb8942

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetPriorityClass
GetLocaleInfoW
LocalLock
GetFileAttributesA
VirtualProtectEx
GetTickCount
TlsGetValue
CreateDirectoryW
GetFileAttributesA
FindClose
GetExitCodeThread
SetLastError
GetStringTypeA
MapViewOfFile
IsValidCodePage
GetModuleHandleA
SuspendThread
HeapFree
RemoveDirectoryW
GetCurrentProcess
FindResourceW

advapi32

CreateProcessAsUserA
IsValidSecurityDescriptor
InitializeSid
IsValidAcl
RegQueryValueW
IsValidSid
RegDeleteValueA
RegCreateKeyExW
RegEnumKeyA
IsTextUnicode
ClearEventLogW
CreateServiceW
ControlService

msctf

TF_InitSystem
DllUnregisterServer
DllUnregisterServer
DllCanUnloadNow

rasapi32

DwRasUninitialize

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 789KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE