254345f840e697d684300075dfb855e1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

254345f840e697d684300075dfb855e1_JaffaCakes118
Size

336KB
MD5

254345f840e697d684300075dfb855e1
SHA1

cf96c9f35732dbbaab14761e48558d177c1e7e38
SHA256

8d19bae687bf6a937325e40465db3b6d7cdfc8696dd594dd2c7cd57878e604b5
SHA512

e8a00a7afa772304c07618486a9799d2137bea99ee46f45bd2bd6601a60bb6972f3ec271bd69e0828f9824bc4a90655cf73505fecb6910fcbd2ae14bc3a956ee
SSDEEP

6144:aBC9k3CkeX29Lzpnb7IH9jimmGVJjfurCm7kjZqa1RqSWhQ+2UPZu+BI:YC9SC7X21Bm9NmGVJLu/ojUkcSKQRUDI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
254345f840e697d684300075dfb855e1_JaffaCakes118

Files

254345f840e697d684300075dfb855e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f448b5cfb725ebe78f8b366216ee8b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
ReleaseMutex
DeleteCriticalSection
GetModuleHandleA
HeapDestroy
GetLastError
TlsGetValue
AddAtomA
ExitProcess
CreateHardLinkA
ResumeThread
GetPrivateProfileStringW
GetDriveTypeA
lstrcmpiA
CloseHandle
VirtualProtect
GetTickCount
HeapSize
GetTempPathA
GetStartupInfoA
GetThreadLocale

advapi32

CloseEventLog
LsaFreeMemory
IsValidSid
AccessCheck
RegEnumKeyExA
LsaSetSecret
RegEnumValueA
CloseTrace
LsaClose
FreeSid
GetSecurityInfo
RegLoadKeyA
GetFileSecurityA
RegCloseKey
RegCreateKeyExA
OpenEventLogA

urlmon

CoInstall
CoInternetParseUrl
CopyBindInfo
CoInternetGetSession
CoInternetCompareUrl

perfos

CloseOSObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ