38238ee0c0e6f11622f36803feec230e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38238ee0c0e6f11622f36803feec230e_JaffaCakes118
Size

58KB
MD5

38238ee0c0e6f11622f36803feec230e
SHA1

2f1f386e41406e9f47928cff1bbfa5f6ce49b566
SHA256

69292a4fb7e5f3ecca04d62b761d4ddb2b41827c10e62181669ffabc377aa97a
SHA512

dedd2ae2f85dfcf6f0c02a329344286061a09ac024e339026179a99a1e7634488d1a00cdf5ea8cd18fdf4e988abc17dd8ed26b3ef9b034d85c5630a41048fafa
SSDEEP

1536:TRArQNxs4mKZa3muufVPRjM8NQkIHC1yNKt5MlG:TSrQ/Vw3sNQko8qKt5MlG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38238ee0c0e6f11622f36803feec230e_JaffaCakes118

Files

38238ee0c0e6f11622f36803feec230e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

421664050e178f32225aae3d782c4e10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_strtime
wcsncat
wcscpy
__p__fmode
time
free
fseek
_wcsicmp
_vsnprintf
_ltow
_wtoi
_onexit
_stricmp
_beginthreadex

advapi32

AllocateAndInitializeSid
LookupPrivilegeNameA
QueryServiceStatus
RegCloseKey
IsValidSid
RegDeleteValueA
GetLengthSid
SetTokenInformation
LookupPrivilegeValueW
RegDeleteKeyA
OpenSCManagerA
GetTokenInformation
AddAce
OpenProcessToken

kernel32

IsBadStringPtrA
GetCurrentProcess
GetModuleFileNameA
lstrcmpiA
SetThreadAffinityMask
GetModuleHandleA
RtlUnwind
SetEnvironmentVariableA
SetUnhandledExceptionFilter
ExitThread
SetProcessWorkingSetSize
GetVersion
GetUserDefaultLCID
GetFileTime
HeapCreate
TlsFree
GetFileType
WideCharToMultiByte
lstrlenW
FatalAppExitA
InterlockedDecrement
lstrcmpA

user32

InsertMenuA
EmptyClipboard
SetCursor
CreateIconIndirect
SystemParametersInfoA
LoadImageA
KillTimer
SetClassLongA
GetMenuItemID
GetWindowThreadProcessId
OpenClipboard
TranslateMessage

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ