100b58831fb1102636e19c0b5a6212d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

100b58831fb1102636e19c0b5a6212d9_JaffaCakes118
Size

88KB
MD5

100b58831fb1102636e19c0b5a6212d9
SHA1

960ffd673f391bb1c24a8ce6eb42b7baadee0fea
SHA256

4749111b31ba8b0abe6c9579318d32f862794ce9e7b5b14ebff1f3903eece6d9
SHA512

2de2250d12cc8feed401596a75c5200717c2192f290505ff4772fc0adc34fbccf0b12f1a701a51a1e1b0a4264d89153146d01a1dfce18c3d48c48e5eb4637f38
SSDEEP

1536:YZYFmJUHLNjr2RnnnUTZNnL0lfrnoBC+w07+:YZSmJcxKRnUTLn4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
100b58831fb1102636e19c0b5a6212d9_JaffaCakes118

Files

100b58831fb1102636e19c0b5a6212d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

700add6ca395301b222917e47c96a5c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryExW
GetLastError
CloseHandle
EnumResourceTypesW
DeleteCriticalSection
VirtualProtect
FreeConsole
FindClose
ResetEvent
LocalFree
CancelIo
IsBadReadPtr
SetLastError
GetDateFormatA
IsBadStringPtrA
GetCommandLineA
TlsGetValue
GetDiskFreeSpaceExA
GetDriveTypeW

advapi32

CloseTrace
GetLengthSid
FreeSid
LsaFreeMemory
GetFileSecurityW
OpenEventLogA
IsTokenUntrusted
RegEnumKeyExA
CloseEventLog
RegCloseKey
AccessCheck
LsaClose
RegCreateKeyExA
RegCloseKey

hnetcfg

HNetFreeSharingServicesPage
DllRegisterServer
DllGetClassObject
HNetDeleteRasConnection
HNetGetSharingServicesPage

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE