089a27ca3f11e8a38f382ec2a13b562f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

089a27ca3f11e8a38f382ec2a13b562f_JaffaCakes118
Size

8KB
MD5

089a27ca3f11e8a38f382ec2a13b562f
SHA1

7df214cf755a8ef307edf0e28e53ad28849e39a1
SHA256

b53746ee48ee7e742bb082af589bd2bd09ef88c56fee0bd84643102d46194282
SHA512

ebe998914d04f72121d36e257c34eac7b140b03ec205844d1dd3245c30aff00289ac4333032418fbf3ae9601650e317e3c8a418a6ed1d70e1c71f6aba8c8454e
SSDEEP

192:+mAEr9VT4nz18pHTGmCpouGzlRc5c2Kfdy5dKX:+mACfUBuHTp+GzvcK/fdy5d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
089a27ca3f11e8a38f382ec2a13b562f_JaffaCakes118

Files

089a27ca3f11e8a38f382ec2a13b562f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d4e478083d5762d09b7b5913ec834f5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
ExitProcess
InitializeCriticalSection
InterlockedIncrement
Process32First
RaiseException
ReadConsoleInputA
RtlMoveMemory
SetThreadExecutionState
SetupComm

advapi32

ClearEventLogA
CryptDecrypt
InitializeSecurityDescriptor
LookupAccountNameW
OpenSCManagerA
RegCreateKeyW
RevertToSelf
SetEntriesInAccessListW

user32

DrawStateA
DrawTextExW
GetKBCodePage
HideCaret
LoadKeyboardLayoutA
LoadStringA
UnlockWindowStation
VkKeyScanExA
WaitForInputIdle

Sections

.text
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ