aed7120328d1178bb11ae8a029fc6854_JaffaCakes118 | Triage

Sharing

General

Target

aed7120328d1178bb11ae8a029fc6854_JaffaCakes118
Size

262KB
MD5

aed7120328d1178bb11ae8a029fc6854
SHA1

a81d2fce8c1f7dcefde149f0ed53f36e9af6f062
SHA256

0167b5509d7491f76be962a85b4b2638aac06a4cef0fc3dbff155a63dc058d25
SHA512

9eef5728d823a12bc63010b64f6fb4c63bc144fd480d38547a93d48fa7e7d828f36537d21cab4a724f5caf810767b9d2b14c1abda0407d634cde01bb49a12f19
SSDEEP

6144:yeuqqTPZEnjdVF1pTsF1lVVBsVEiMTJeIBjFWLXx/:yEqTPKd71i6W4IBgLXl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aed7120328d1178bb11ae8a029fc6854_JaffaCakes118

Files

aed7120328d1178bb11ae8a029fc6854_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9105413c8214e3ef27a270d2ac86357b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

calloc
_wstat64
??2@YAPAXI@Z
_iob
memmove
_onexit
free
malloc

advapi32

QueryUsersOnEncryptedFile
RegSetValueExW
GetSecurityDescriptorGroup
RegCloseKey
RegEnumValueA
RegEnumKeyW
RegCreateKeyExA
RegEnumKeyExW
RegOpenKeyExA
OpenProcessToken
ObjectOpenAuditAlarmA
RegOpenKeyExW
RegSetValueA
RegCreateKeyExW
GetTokenInformation
ElfRegisterEventSourceA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueW
OpenThreadToken
WriteEncryptedFileRaw
RegSetValueExA
GetLengthSid

kernel32

HeapAlloc
GetCommandLineA
GetStartupInfoW
lstrcmpA
GetCurrentThreadId
CreateFileA
GetFileTime
GetUserDefaultLCID
GetWindowsDirectoryA
GetCommandLineW
GetSystemInfo
lstrlenA
DeleteFileA
GetOEMCP
GetThreadLocale
VirtualAlloc
InterlockedDecrement
GetTimeZoneInformation
GetProcessHeap
lstrcmpW
GetFileAttributesW
HeapFree
GetModuleHandleW

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ