2844ca5b67c7728a4795de3ebcd4d56a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2844ca5b67c7728a4795de3ebcd4d56a_JaffaCakes118
Size

820KB
MD5

2844ca5b67c7728a4795de3ebcd4d56a
SHA1

a960bf29b867a6b3fdfc48c3cc4acbf31003cc75
SHA256

7b56cebe1f76efe6b4fea925dfac84247f3521c2be97a1509ec8067dc88a879e
SHA512

d63caad803e05f7578d80aecf9e943fff78f0fb541f7f099868f60c675094acf7f6678b03bf42abf45ae9d62523e26594a8f47158d3339cb4bdc38ffd7101a06
SSDEEP

24576:1RMStMnyte4DRTxfsUSSbj5kp4dTpMki:1RM4MnyteufsU5bjeL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2844ca5b67c7728a4795de3ebcd4d56a_JaffaCakes118

Files

2844ca5b67c7728a4795de3ebcd4d56a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3fa1b6e54e1735b7fa439e52a201daa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetEnvironmentVariableW
CloseHandle
GetModuleHandleW
GetPrivateProfileIntW
lstrlenA
ResetEvent
GetACP
CreateEventA
GetExitCodeProcess
GlobalSize
CreateMutexA
GetCommandLineA
GetStdHandle
ResumeThread
VirtualAlloc
WriteFile
FindVolumeClose
InterlockedExchange
GlobalFree

advapi32

ClearEventLogA
RegCloseKey
RegQueryValueW
CloseEventLog
IsValidAcl
IsValidSid
RegDeleteValueA
CreateServiceA
RegEnumKeyW
RegDeleteKeyA
ControlService
IsTextUnicode
RegCreateKeyExW

admparse

ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag
AdmClose

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ