33501a1f17c82f744985c96ef1cb2a86_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33501a1f17c82f744985c96ef1cb2a86_JaffaCakes118
Size

90KB
MD5

33501a1f17c82f744985c96ef1cb2a86
SHA1

f44d76ef119e010991696aa2fe89f019cf6d4e58
SHA256

f06e3620d368f36c6d9a1ad4cbc6169b1cbd90d342c79da7c3c05c109d264d74
SHA512

a1f8939c34f7a24da0debd8b3aebdedd74f293c259db613f51561a28736c34f6ceb8dca6ddbdaa9b9dd411e37ff3edb23b45849d3eb92c9747ec6ea544891ff6
SSDEEP

1536:kKcyq8vRzrbzjfdEGWmm/7G5PSSuQVWjf1srTY:kAq8BBxcyPSN2f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33501a1f17c82f744985c96ef1cb2a86_JaffaCakes118

Files

33501a1f17c82f744985c96ef1cb2a86_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e9e5a280e66d5be51be606318d3adcd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetTickCount
Sleep
GetLastError
CloseHandle
FindClose
DeleteCriticalSection
SearchPathA
lstrlenA
FindResourceExA
VirtualProtect
GetCalendarInfoA
GetModuleHandleA
FindAtomA
ReleaseMutex
TlsGetValue
CreateThread
CreateMutexA
FindVolumeClose
GetStartupInfoA

advapi32

RegCreateKeyExA
AccessCheck
RegLoadKeyA
LsaFreeMemory
FreeSid
RegCloseKey
LsaClose
LsaSetSecret
GetFileSecurityA
CloseTrace
RegEnumKeyExA
CloseEventLog
IsValidSid
OpenEventLogA
RegCloseKey

msdtcuiu

DtcPerfClose
DtcPerfCollect
DllGetClassObject
DllRegisterServer
DtcPerfOpen

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE