06fe5991c2f7761db4955797e911d716_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06fe5991c2f7761db4955797e911d716_JaffaCakes118
Size

323KB
MD5

06fe5991c2f7761db4955797e911d716
SHA1

5aabe94699c6ebfd7753e712ed5280c2a0f6555c
SHA256

92c35b66d28d94ba4a9532f2b4771e99056870c4cc4d53b643f1519cc0184c06
SHA512

ef255eff50ec091f995564c9719ab8a505641f6402b65a8ece61677d6ac516449bcabe4d8bf764eddce2f51cee3de86a009d0feed642e44daede8dcd973581b4
SSDEEP

6144:5HewmcwRYG1CNOkqzwV6jdYsAIFQ2/4epJYEozLYdfNZ2BFQlW+PABb6PFHj:ZmcwRbm6ptJezLYhNMGHABb6NHj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06fe5991c2f7761db4955797e911d716_JaffaCakes118

Files

06fe5991c2f7761db4955797e911d716_JaffaCakes118
.exe windows:4 windows x86 arch:x86

641572cc1e2d5645e0f5ae1443fb7572

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
LoadLibraryW
CreateThread
SuspendThread
GetTickCount
CloseHandle
LocalFree
GetModuleHandleA
SetEvent
HeapCreate
GetFileAttributesA
CreateFileA
GetDriveTypeW
GetDiskFreeSpaceA
lstrlenA
GetSystemTime
GetExitCodeProcess
SetLastError
FindAtomA
GetComputerNameA

advapi32

IsValidSecurityDescriptor
RegEnumValueA
IsTokenRestricted
RegQueryValueA
GetUserNameA
CreateServiceA
CloseEventLog
GetLengthSid
RegEnumKeyExA
RegCloseKey
GetFileSecurityA
RegDeleteKeyA
RegCreateKeyExA

dsprop

ErrMsg
CheckADsError
ReportError
FindSheet
MsgBox

powercfg.cpl

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 313KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ