21cd0360bf199b007caedc47e8fe2157_JaffaCakes118 | Triage

Sharing

General

Target

21cd0360bf199b007caedc47e8fe2157_JaffaCakes118
Size

56KB
MD5

21cd0360bf199b007caedc47e8fe2157
SHA1

8f073ddeb67d10fe4c7a6bf9b5d5f2cb8f3e346e
SHA256

a9ad36f48377bb1606c11153cbeff6cc88b1c649598f23cc8ce96bcb619050c3
SHA512

456cc2d6404e1d28b5bf20c5c1ea213c2c0c692cc84507c04744b298128b122084d81bcb215342fb1fb9a8cff820dc1c9c128e74475b2a4e2f6176eae47c56ff
SSDEEP

1536:goDVSQrnxQqQaUdHL2HVxZdG0fN47WQTYew:gwVLntQFo40V4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21cd0360bf199b007caedc47e8fe2157_JaffaCakes118

Files

21cd0360bf199b007caedc47e8fe2157_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2806126cd87c69a179fbf89131945a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strcmpi
sprintf
atol
_beginthread
abs
strspn
_access
rand
wcscmp

gdi32

SetBkMode
RestoreDC
SetBkColor
CreateRectRgn
MoveToEx
RectInRegion
DeleteObject
SelectObject
GetDeviceCaps

advapi32

RegOpenKeyExA
LookupPrivilegeNameA
LookupAccountNameA
RegCloseKey
QueryServiceConfigA
QueryServiceStatus
SetSecurityInfo
RegConnectRegistryA
RegCreateKeyExA

kernel32

GetLastError
FormatMessageA
VirtualQueryEx
PulseEvent
GetNumberFormatA
TlsAlloc
LocalFree
GetConsoleMode
GlobalUnlock
Sleep
GetCurrentThread
lstrcmpiA
GetUserDefaultLCID
HeapAlloc
TlsSetValue
InterlockedDecrement
lstrlenA
GetThreadContext
HeapSize

ole32

CoGetObject
OleCreateFromDataEx
OleCreateMenuDescriptor
OleCreateStaticFromData
CoFreeUnusedLibraries
CoUninitialize

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ