14b529612a6c85d7f570a1ce2f05195a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14b529612a6c85d7f570a1ce2f05195a_JaffaCakes118
Size

1.6MB
MD5

14b529612a6c85d7f570a1ce2f05195a
SHA1

6606bfabc0aeecaf741bafff2df9dc8af7b56631
SHA256

f00bb2dcba75bc00ab32e439c4ca6fd89645dd225df2d39679f459aff5400f70
SHA512

918b1f1358c470794fd40719b6beff6f195252861729553d70d43f65d20e2294571090c463ad02248cc5e479ed86226cab93e986350e60566f5c21649d4b88f4
SSDEEP

49152:ktI3Dy75OjB8xzxyDSZ/a3rxh4dSrGOPX:ktI3DU5X6D6y4dSGOPX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14b529612a6c85d7f570a1ce2f05195a_JaffaCakes118

Files

14b529612a6c85d7f570a1ce2f05195a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ba2af2494ef74ba61740b8d813aebf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy
SafeArrayUnaccessData
SysStringLen
SysFreeString
QueryPathOfRegTypeLi

kernel32

GetDriveTypeW
LCMapStringA
SwitchToFiber
LoadLibraryExA
EnumResourceLanguagesW
GetUserDefaultLangID
GetFullPathNameA
CreateEventA
GetComputerNameW
GetProfileStringA
IsBadReadPtr
ExitProcess
ReleaseSemaphore
PeekNamedPipe
CreateFileW
GetProfileIntA

user32

CreateWindowExA
GetProcessDefaultLayout
RemovePropA
CreateWindowExW
GetClientRect
GetClassInfoExA
GetDCEx
GetMessageTime
OemKeyScan

version

VerFindFileA

comctl32

ImageList_Create
ImageList_GetIcon

advapi32

ImpersonateSelf
RegisterEventSourceW
OpenSCManagerW
MakeAbsoluteSD
OpenSCManagerA
ControlService
FreeSid

Sections

.text
Size: 11KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ