58e11fee744e81ae3109dd0552561219_JaffaCakes118 | Triage

Sharing

General

Target

58e11fee744e81ae3109dd0552561219_JaffaCakes118
Size

76KB
MD5

58e11fee744e81ae3109dd0552561219
SHA1

723e36d0e08e1360c6bbe01fadc741056982d839
SHA256

5493f7935a9ccade975afd856c5e1b39b23ef892931bd7176a585fae5212efbf
SHA512

c69dd203ceead30820c4646ab2c7570351cb4ff276af1dad38691fd096b5fe6448cf4f64504ab995a6accb1eae01369498a25c1af88daa2aa7a61038e7f7cb6d
SSDEEP

1536:TQuCvwbtQr8KUK980n2nrzbhSRYbpnKKEOvcFJB2JZBtpYknk+lk79:MwJQrXUu8BnrXUYREOvcJupYkk+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
58e11fee744e81ae3109dd0552561219_JaffaCakes118

Files

58e11fee744e81ae3109dd0552561219_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b8192db17a4966d5413bbb399dbe3c2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptdll

MD5Update
MD5Init
MD5Final
CDLocateRng
CDBuildVect

user32

LoadBitmapA
GetPropA
CreateDesktopW
DrawStateA
IsCharLowerW

kernel32

WriteProcessMemory
OpenEventA
lstrcmp
GetFileAttributesW
EncodePointer
InterlockedExchange
GetOEMCP
CreateEventW
GetModuleHandleA
OpenFileMappingA
GetEnvironmentVariableA
VirtualAllocEx
GetVolumeNameForVolumeMountPointW
LoadLibraryExW

crypt32

CertOpenStore
CertCloseStore
CertFreeCTLContext
CryptMemAlloc
CertFindCTLInStore
CryptMsgClose
CertDuplicateCRLContext
CertCompareCertificate
CertDeleteCTLFromStore
CertGetNameStringA
CertAlgIdToOID
CertCreateCRLContext

shell32

ExtractIconW
DragQueryFileW
SHQueryRecycleBinA
ShellExecuteW
DragQueryPoint
FindExecutableW
SHEmptyRecycleBinW
FindExecutableW
SHDefExtractIconA
ShellAboutA
SHGetFileInfoA
SHGetDataFromIDListW

clusapi

CloseCluster
CloseClusterGroup

shlwapi

UrlEscapeA
UrlCombineA

advapi32

RegSaveKeyW
RegReplaceKeyW
ControlService
RegDeleteValueA
CryptSignHashA
CreateServiceA
RegCreateKeyExW
RegUnLoadKeyA
RegCloseKey
LogonUserA
OpenEventLogW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.joi
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_MEM_WRITE