75c67f2e6b2f462498fd71417da74af7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75c67f2e6b2f462498fd71417da74af7_JaffaCakes118
Size

954KB
MD5

75c67f2e6b2f462498fd71417da74af7
SHA1

9cfb6fd5d7c1904d8a88a2088125aea6ad287527
SHA256

1f3c7f62fdde5435047b7139274040dec7516461b7f734a27157bc77f663c2ea
SHA512

e06625a097e7e8f915a5e668114ff018466af52854f5ae737c1ad8428740948963adc01c94cf090e5e7a6186220c6fd4c9be4897213735ebee431d49e0e5bdaa
SSDEEP

12288:NMZ68fP9Qo+I06LO9Wi/u9diIav2Mz4USCFXsXO:NMZ5fPio+I06fi/uLWe7XO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75c67f2e6b2f462498fd71417da74af7_JaffaCakes118

Files

75c67f2e6b2f462498fd71417da74af7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99e69220cfdbc14ac90d3235ce15fd88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
GetModuleHandleW
VirtualAlloc
CreateFileA

user32

LoadCursorW
GetSysColor
LoadCursorA
wsprintfW
wsprintfA
MessageBoxW
LoadStringW
CharUpperW

advapi32

RegSetValueExA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
FreeSid

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CLSIDFromString
CoUninitialize

msvcrt

exit
_initterm
_exit
_except_handler3
_controlfp
_cexit
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit

Sections

.text
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ