274b2f726a49252e5603f3dc67184d32_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

274b2f726a49252e5603f3dc67184d32_JaffaCakes118
Size

50KB
MD5

274b2f726a49252e5603f3dc67184d32
SHA1

a3a956f999fc4d89c78f19d6ac0e3b4512712326
SHA256

6fa9e8b89593a3fa30470aa7e438bac986f0bb901f9e3ef29343a2ec5c2d0959
SHA512

0ea39da553334b64cacdc036d2318fe9da0b2779a98a8bdb42e599980baaeaccaa014ad98617e1de6b0237ec1b96c95c0ae300319cd9503976c7a76f0514b43a
SSDEEP

384:rloiTtufq3IVNeLNek+vDAhzYWK82QBrQWRFtuertHNzm:SiTeCdhkE22rPtfrtHM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
274b2f726a49252e5603f3dc67184d32_JaffaCakes118

Files

274b2f726a49252e5603f3dc67184d32_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3ead24835c6caca23a3ff06a1052eb46

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Sleep
DeleteCriticalSection
SetLastError
GetLastError
VirtualProtect
FindClose
TlsGetValue
GetDriveTypeW
PulseEvent
LocalFree
GetDateFormatA
IsBadReadPtr
LoadLibraryExW
IsBadCodePtr
FreeConsole
GetCommandLineA
EnumResourceTypesA
GetDiskFreeSpaceExA
GetModuleHandleA

advapi32

IsValidSid
LsaClose
GetFileSecurityA
OpenEventLogA
CloseEventLog
FreeSid
RegCloseKey
LsaFreeMemory
RegCreateKeyExA
RegLoadKeyA
CloseTrace
AccessCheck
LsaSetSecret
RegCloseKey

uxtheme

GetThemeColor
DrawThemeIcon
CloseThemeData
DrawThemeText
GetThemeBool

Sections

.text
Size: 3KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ