Static task
static1
Behavioral task
behavioral1
Sample
27068a030fd84bc0e805e0c51dc5f483_JaffaCakes118.exe
Resource
win7-20240508-en
General
Target
27068a030fd84bc0e805e0c51dc5f483_JaffaCakes118
Size
315KB
MD5
27068a030fd84bc0e805e0c51dc5f483
SHA1
7bf3e9d6f761c381bb50a29b52e1dac25610543e
SHA256
992f7f5872b69e2dbbb60a20e8ebf125d5222bea1beb3aa39980f5a511e6f280
SHA512
92874aadba389db2657d5358fa9a41fd6bad8b86e4ba5cc02b77b6a9d7ff8f651c27887a339acc7e00b934c33ec0a2cf9b7b01e1a8562490372c2c37038ed03e
SSDEEP
6144:uA1GfBzBjIgpYl5iqJQkVnDwhndZ4w+GA87W3VPTctin9PB:uAuBFjC3QonkDZ2GVW5TctgB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27068a030fd84bc0e805e0c51dc5f483_JaffaCakes118
Files
27068a030fd84bc0e805e0c51dc5f483_JaffaCakes118.exe windows:4 windows x86 arch:x86
7bf53ddb55be0fe1ee9c97f7235f7b34
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsSetValue
DebugBreak
OutputDebugStringW
OutputDebugStringA
GetTimeZoneInformation
WriteConsoleW
LCMapStringW
EnumSystemLanguageGroupsW
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareFileTime
IsValidCodePage
HeapReAlloc
GetCPInfo
advapi32
QueryServiceStatus
PrivilegeCheck
InitializeSecurityDescriptor
DuplicateTokenEx
GetSecurityDescriptorLength
IsValidSecurityDescriptor
GetUserNameA
LookupAccountSidA
AddAce
SetSecurityDescriptorOwner
RegOpenKeyExW
winmm
sndPlaySoundA
oleacc
CreateStdAccessibleObject
ObjectFromLresult
shell32
SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW
oledlg
OleUIBusyW
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ