2a4c8edbdb4a32136621c31a287fa166_JaffaCakes118 | Triage

Sharing

General

Target

2a4c8edbdb4a32136621c31a287fa166_JaffaCakes118
Size

49KB
MD5

2a4c8edbdb4a32136621c31a287fa166
SHA1

4dbd09490a6cd243877aae6c861e27db05837f3f
SHA256

9b2e76db4fa2b3f711fb181e2fe1c4611bef0fe432da0ed47e1f77b7a66e700e
SHA512

d1741725d53da6a73c2c03cf596367c0771b8ce182d6c6d289d54bc25deffec725c2a34503bb6816fa074ced5cecbb516df61b81845913d8893dc8a3e795ffa8
SSDEEP

1536:ONp7pcokmb7WK19SuDsXYtCrlU+C5awO:OTxkmDf/DWYtCrllOa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a4c8edbdb4a32136621c31a287fa166_JaffaCakes118

Files

2a4c8edbdb4a32136621c31a287fa166_JaffaCakes118
.exe windows:4 windows x86 arch:x86

749c1a540915695d2f1a1edb6d410b3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BuildCommDCBAndTimeoutsA
CreateDirectoryW
EnumResourceLanguagesW
ExitProcess
ExpandEnvironmentStringsA
FlushInstructionCache
FormatMessageW
GlobalAlloc
Heap32ListFirst
IsDebuggerPresent
LocalFree
OpenProfileUserMapping
RtlFillMemory

advapi32

AreAnyAccessesGranted
BuildTrusteeWithSidA
CreatePrivateObjectSecurity
CryptEnumProvidersW
CryptGetKeyParam
CryptHashData
GetSecurityInfo
MakeSelfRelativeSD
ReadEventLogA
RegCloseKey
RegSaveKeyA
SetNamedSecurityInfoA
SetPrivateObjectSecurity

user32

ChangeDisplaySettingsW
DdeDisconnect
EnumDesktopsW
GetMessageExtraInfo
OpenIcon
SendIMEMessageExA
SendMessageTimeoutW
TrackMouseEvent

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE