3bba614adf3415a6f020e105bf7db822_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3bba614adf3415a6f020e105bf7db822_JaffaCakes118
Size

92KB
MD5

3bba614adf3415a6f020e105bf7db822
SHA1

944b2ca7963fcf1d125ec733e23c1a55596c8c00
SHA256

cbc2d4ee9caf5eeac68608042aaad5fad1ce3b1858b807f1a48e543f6c5c569e
SHA512

c560eedea778196da10481502ebf480f6fe5ed9761782e38d53c91074caeda2314ae354b07f3d4195cdd1330131c74ee626fea7054bd6b3912db72fb8dcf0dc4
SSDEEP

1536:5HTjI8w2x28sW16V7fv4qqX+Acd14krzr1EDJisNEdLh1g82P:5H/I8xZst5v4q2+Acr4ezwvsLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bba614adf3415a6f020e105bf7db822_JaffaCakes118

Files

3bba614adf3415a6f020e105bf7db822_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3cf41b4657adda23ded55b979679a4b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

exit
_strnicmp
toupper
_except_handler3
wcscpy
_iob
??3@YAXPAX@Z

ntdll

NtDisplayString
DbgPrint
NtOpenProcessToken
swprintf
RtlInitAnsiString
RtlQueryInformationAcl
NtSetInformationFile
RtlCreateAcl
RtlInitializeGenericTable
RtlSetDaclSecurityDescriptor
_alldiv
RtlLengthSid

kernel32

ResetEvent
GetConsoleOutputCP
InterlockedDecrement
SetEvent
GetThreadLocale
InterlockedIncrement
LocalAlloc
InterlockedExchange
GetCurrentThread
ReleaseMutex
SetHandleCount
OutputDebugStringA
MultiByteToWideChar
DeleteFileA
DeviceIoControl
DeleteCriticalSection
CreateFileW
GetModuleHandleW
LoadLibraryW
GetDriveTypeW

ulib

?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Fatal@PROGRAM@@UBEXXZ
??0CLASS_DESCRIPTOR@@QAE@XZ

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE