17a6fc36be56feb51e20ec49cc1eb354_JaffaCakes118 | Triage

Sharing

General

Target

17a6fc36be56feb51e20ec49cc1eb354_JaffaCakes118
Size

17KB
MD5

17a6fc36be56feb51e20ec49cc1eb354
SHA1

d413da4a3684b2c181a670053cadbe7845e9ff7b
SHA256

626771ccc86affa4a141e93360fe5a2e969dac4bd97b61657128410c62e4201d
SHA512

dee3b370019895f37c1b9801a961371f59a867ac3b91b725e1a8d421514a6b6176f45e9b7eac58a67ab8fbacf5b43eae26f9f03b2440fff36f80af9a17ddd407
SSDEEP

384:eTK9mFrGWCdnWSRsfGXD6wMdVIWUgQgZ0pHC:uKbnjD6wMdVI9FgWFC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17a6fc36be56feb51e20ec49cc1eb354_JaffaCakes118

Files

17a6fc36be56feb51e20ec49cc1eb354_JaffaCakes118
.exe windows:4 windows x86 arch:x86

125f29eade1b7689c863192c2701c836

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
ExitProcess
GetWriteWatch
IsProcessorFeaturePresent
SetFileApisToANSI
VirtualProtect

advapi32

AbortSystemShutdownW
AdjustTokenPrivileges
GetSecurityDescriptorGroup
LookupPrivilegeNameW
RegEnumKeyA
SetPrivateObjectSecurity
SetTokenInformation

user32

DrawCaption
DrawTextA
GetClipCursor
GetDCEx
IsCharLowerA
IsDlgButtonChecked
LoadIconW
PeekMessageW
SendIMEMessageExA
SetTimer
TileChildWindows
TileWindows
UnhookWindowsHookEx

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE