176bf1ba2045b5ae7f65ff3fa3fcd975_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

176bf1ba2045b5ae7f65ff3fa3fcd975_JaffaCakes118
Size

740KB
MD5

176bf1ba2045b5ae7f65ff3fa3fcd975
SHA1

0c610b1ce867b105fe291b3ed206349e4114d5ac
SHA256

f319fda06fd712a7896f4fdee43e29af373665a861dd04fffbd6945c4d074e0e
SHA512

49405c20305f604fc73379d83c96b8bc82c153bb5332d71423ab47e1dcbd91d6091f75accdd68de9b5e7ab04ac8a46d20949d0795ac412b72e0110fa0bc277a0
SSDEEP

12288:zJKzgAKN8KJBXxxY/NNNf3G1fzm/x3v6/QhBQYIl6ZR2Y3h5INwEL3gPQX3SvMf:zwJKL1+NNNu1LMx3P4lSR2Y3h+NrgPQz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
176bf1ba2045b5ae7f65ff3fa3fcd975_JaffaCakes118

Files

176bf1ba2045b5ae7f65ff3fa3fcd975_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2f90abd90afa0a0740e2c03cbe0997d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetTickCount
ResumeThread
GetLastError
GetStdHandle
CreateHardLinkA
GetStartupInfoA
DeleteTimerQueue
GetPrivateProfileStringA
DeleteCriticalSection
HeapDestroy
CloseHandle
ReleaseMutex
IsValidCodePage
VirtualProtect
GetTempPathA
GetDriveTypeA
SetEvent
lstrcmpiA
HeapSize
ExitProcess

advapi32

ReportEventA
CloseTrace
CloseEventLog
AccessCheck
RegEnumKeyExA
IsValidAcl
GetSecurityInfo
LsaSetSecret
OpenEventLogA
FreeSid
LsaFreeMemory
IsWellKnownSid
RegCreateKeyExA
RegCloseKey
GetFileSecurityA
RegLoadKeyA
LsaClose
IsValidSid
RegEnumValueA
RegQueryValueExA

apphelp

ApphelpCheckIME
SdbFreeFlagInfo
ApphelpShowDialog
SdbFindFirstTag
SdbFindNextTag

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE