3f0d6f94b19fc8cbb431229d143e3d14_JaffaCakes118 | Triage

Sharing

General

Target

3f0d6f94b19fc8cbb431229d143e3d14_JaffaCakes118
Size

39KB
MD5

3f0d6f94b19fc8cbb431229d143e3d14
SHA1

11d3b2d48d47115af479250ce3e8a1284aa8c66a
SHA256

1a0085870e12041b2c050385897b4e6b61b2a3e96d4d9c3b0d6c43adb0cc3df0
SHA512

701d39a78ea82f283e0180e49617113618390f85c3275fbdb1ebe277e57e5db6dacd9bc93716355142e121baf906b1a32b7f4e8b01a84483c2923d19005a454f
SSDEEP

768:BsKXG/kubmYzuY0l3GEClIHXZeckkdquA3K:BsK5ulzu32HK8cnV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0d6f94b19fc8cbb431229d143e3d14_JaffaCakes118

Files

3f0d6f94b19fc8cbb431229d143e3d14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb1513a5a84a58605662717c70e6fa70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseProfileUserMapping
ConvertDefaultLocale
ExitProcess
GetCurrentThread
GlobalDeleteAtom
GlobalGetAtomNameW
GlobalHandle
IsBadWritePtr
LoadModule
MapViewOfFileEx
RtlZeroMemory
UpdateResourceA

advapi32

AccessCheck
CryptDecrypt
CryptGetHashParam
CryptSetProviderW
CryptSignHashW
GetKernelObjectSecurity
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetServiceKeyNameA
LookupPrivilegeValueW
OpenServiceA
QueryServiceConfigA
SetEntriesInAclA
SetEntriesInAclW
TrusteeAccessToObjectW

user32

DrawFrameControl
GrayStringA
KillTimer
ScreenToClient
SendNotifyMessageW
SetDebugErrorLevel
SetKeyboardState
SetPropA
SetWindowsHookW

shell32

Control_RunDLL
Control_RunDLLA
ExtractAssociatedIconA
ExtractIconResInfoA
PrintersGetCommand_RunDLLW
SHAddToRecentDocs
SHFormatDrive
SHGetSettings
ShellHookProc

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE