21a62c46fc019c957b34390a129ed849_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21a62c46fc019c957b34390a129ed849_JaffaCakes118
Size

41KB
MD5

21a62c46fc019c957b34390a129ed849
SHA1

9e1bc89f1c0709581296173ac25ae5101534d9f4
SHA256

f56a590fcfd5ef5d4b376cbd53224aadc4671401d79baceef8af37519ab4e0e6
SHA512

ae6300655c3142096bf65dbfa547cee8b7fa481688050cdcec31498580e1f394fa249e8a7764d474b4cedfc1859a94212e8e097785292501102a5b82fb95d067
SSDEEP

768:uvJPe3OZsekNszQNBcXWGr7oCN0hlCS4dVBV4+iFHK32V5+Z1P5yulSvaQwvx:uvFCN9IW8tu/4dVCxkR5yVyQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21a62c46fc019c957b34390a129ed849_JaffaCakes118

Files

21a62c46fc019c957b34390a129ed849_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1406bd0f43557df2093ba072d0c7d9fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileExW
DuplicateHandle
ExitProcess
GetEnvironmentStringsA
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetProfileIntA
GlobalFlags
LCMapStringA
LockFile
PeekNamedPipe
SetFilePointer
SetTapePosition
TlsAlloc

advapi32

AreAnyAccessesGranted
CryptSignHashW
LogonUserA
LookupPrivilegeNameW
OpenBackupEventLogA
RegDeleteKeyA
SetSecurityInfoExA

shell32

Control_RunDLL
Control_RunDLLA
DllCanUnloadNow
ExtractIconExA
OpenAs_RunDLL
SHEmptyRecycleBinW
SHGetFileInfoA
SHHelpShortcuts_RunDLLW
SheConvertPathW
SheRemoveQuotesA

gdi32

ChoosePixelFormat
CreateDIBPatternBrush
FloodFill
OffsetViewportOrgEx
PatBlt
ScaleViewportExtEx
SetSystemPaletteUse
SetTextJustification

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE