31b1b218b54fc0f7c70f9c1fb46876f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31b1b218b54fc0f7c70f9c1fb46876f1_JaffaCakes118
Size

29KB
MD5

31b1b218b54fc0f7c70f9c1fb46876f1
SHA1

f867ced4cb225d71636ca6fadf2a0f581facc734
SHA256

7ac1298a7bdc1f376882e7514aa030dced6a8db7cf6defb80e10c073814838c0
SHA512

19cc25f7bff463fda512d0e78d79b14435a8e36f25a0f72f7a982e623dfbc0be113aba96bb163844080905b2698db25603552123541843dcf83dfd665a2e96ca
SSDEEP

768:5ydBgQEm5VMxOH1/sdWmI6VonaPtP4ATvP1yerKk:5rQD5TkIS9tP4wPT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31b1b218b54fc0f7c70f9c1fb46876f1_JaffaCakes118

Files

31b1b218b54fc0f7c70f9c1fb46876f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

073c766e2c897f3a0cca600f0beca155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ExitProcess
FreeResource
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
RtlUnwind
SetUnhandledExceptionFilter
lstrcatA
lstrcpynA

user32

CreateAcceleratorTableA
LoadCursorFromFileA
SetMenuInfo
DestroyCaret
LoadAcceleratorsA

advapi32

RegOpenKeyExA
RegEnumKeyA
LsaLookupPrivilegeDisplayName
LsaICLookupSids
LsaGetUserName
LsaEnumerateTrustedDomains
LsaEnumeratePrivileges

msvbvm60

__vbaFileCloseAll
__vbaDerefAry
__vbaDateR4
__vbaCyUI1
__vbaCyI2
__vbaCyAdd
__vbaCopyBytesZero
__vbaBoolErrVar
__vbaAryVarVarg
__vbaAryRecMove
__vbaAryDestruct
__vbaAryConstruct
__vbaCyForNext

dinput

DirectInputCreateEx
DirectInputCreateA
DirectInputCreateW

Exports

Exports

Hckc
Iquefwvcg
Ircrmuepx
Qmwaap

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ