15dedefcbb314932ee4abde1cfbe0d3a_JaffaCakes118 | Triage

Sharing

General

Target

15dedefcbb314932ee4abde1cfbe0d3a_JaffaCakes118
Size

320KB
MD5

15dedefcbb314932ee4abde1cfbe0d3a
SHA1

62fdff93e5441c12a6690021eb19d64af7537cb8
SHA256

67bf3ab9985f216c2a17f6951863533c5de735285ed653d7dad0f9e4300d6810
SHA512

ed002d5cd9b1bb3df1f991a4605c5df34393c419e4b7d586914ab14833e3af63f77d71ebf549c3c001837897497294caa5f13570b277d9f9d34a2b0731952b8b
SSDEEP

6144:XfuPiR71DaL7IlQ1AnjBfWaf3XEMs4uMAY5KIJe8LsCvZkpHPgpY7so7tGiq1usT:vu6zaCeAnMaf309tHjCv2dYpY7sbiqtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15dedefcbb314932ee4abde1cfbe0d3a_JaffaCakes118

Files

15dedefcbb314932ee4abde1cfbe0d3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c540b271f11b9c787e07d55077c62bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
HeapDestroy
DeleteCriticalSection
GetConsoleWindow
GetStartupInfoA
CreateHardLinkA
ReleaseMutex
GetModuleHandleA
ExitProcess
SetEvent
IsValidCodePage
lstrcmpiA
GetPrivateProfileStringA
GetTempPathA
GetTickCount
HeapSize
DeleteTimerQueue
ResumeThread
VirtualProtect
GetLastError
GetDriveTypeA

advapi32

RegCreateKeyExA
LsaSetSecret
LsaFreeMemory
ReportEventA
RegEnumValueA
RegQueryInfoKeyA
RegQueryValueExA
GetFileSecurityA
RegCloseKey
CloseEventLog
LsaClose
RegLoadKeyA
OpenEventLogA
AccessCheck
IsValidAcl
CloseTrace
RegEnumKeyExA
FreeSid
GetSecurityInfo
IsValidSid

wininet

HttpQueryInfoA
DeleteUrlCacheEntryA
DetectAutoProxyUrl
HttpSendRequestA
FindCloseUrlCache

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ