26582760e217b96708cf6cbe5ffa855a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26582760e217b96708cf6cbe5ffa855a_JaffaCakes118
Size

382KB
MD5

26582760e217b96708cf6cbe5ffa855a
SHA1

83d227500b606bc7b3af64fefc8c6929598a1d0f
SHA256

459624c575108a219c93485f1b650c205ef148e3ed062c4ee95fa19b7d2d8012
SHA512

95543f1207b618f8baa51514f2816449c4ea8851e10d7031923beefc1759d60f6604dd30d492deea6e97559486af46d7a98355de84a370a9007767be08e09bab
SSDEEP

6144:OVGQRMJ/6y4+AGeJKiIdDjky49jypOAEWZqnKET5EIyLjRKg1gXVJiObl:rQRMJ/pAGliLy8hAEWZ+7TSHRKSgFBl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26582760e217b96708cf6cbe5ffa855a_JaffaCakes118

Files

26582760e217b96708cf6cbe5ffa855a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83b9cb2e997e54f398b93e22b8bfbd00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
ReleaseMutex
GetEnvironmentVariableA
CreateMutexW
LocalFree
lstrlenA
LocalSize
GetPrivateProfileIntA
InterlockedExchange
GetSystemInfo
FreeConsole
GetCommandLineW
GlobalFree
WriteFile
SuspendThread
LoadLibraryW
GetStdHandle
ResetEvent
CreateEventW
CloseHandle

advapi32

RegCloseKey
CreateServiceW
CloseEventLog
IsValidSid
InitializeSid
RegEnumKeyA
IsValidSecurityDescriptor
ClearEventLogW
RegDeleteValueA
ControlService
RegCreateKeyExW
RegQueryValueW
IsTextUnicode
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ