2ceb6b26a9ffa470a4d7c39434d017bf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ceb6b26a9ffa470a4d7c39434d017bf_JaffaCakes118
Size

382KB
MD5

2ceb6b26a9ffa470a4d7c39434d017bf
SHA1

de18568d1ad7c4da83e9c3f4851067d57ade7e78
SHA256

0a0966f8bbfe9cd6059e872edb446fa9fdc73e024dd8ca82f23c222d6f01e809
SHA512

2dec622a53a4ed0e75b04977e05bb333b262d1664f33b49d14a9e5fe77962ef7138d1f4d22db38703da4a061ef9d5015754295068364989da7bc97217e3eb792
SSDEEP

6144:LRMhwCQ0TexdCoNSQwMOu/L5NY5k7paog+4gyA1H1zZsQ6psGeDkXMg:LRMhwCQ2exdCGGMOu/iQtUA1A7R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ceb6b26a9ffa470a4d7c39434d017bf_JaffaCakes118

Files

2ceb6b26a9ffa470a4d7c39434d017bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea966209549a3fddff708dbebfaf437f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
ReleaseMutex
GetPrivateProfileIntW
ResetEvent
CreateEventA
GetCommandLineA
GlobalFree
CreateMutexA
GetExitCodeProcess
CloseHandle
WriteFile
GetModuleHandleW
GetStdHandle
HeapCreate
lstrlenA
GetACP
GlobalSize
InterlockedExchange
LocalFree
GetEnvironmentVariableW

advapi32

CreateServiceA
RegCloseKey
RegQueryValueW
ControlService
IsValidSid
ClearEventLogW
IsValidSecurityDescriptor
IsTextUnicode
RegDeleteValueA
RegEnumKeyW
RegDeleteKeyA
CloseEventLog
RegCreateKeyExW

btpanui

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ