3d720971d51ee8cae8deab99b3e28d52_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d720971d51ee8cae8deab99b3e28d52_JaffaCakes118
Size

327KB
MD5

3d720971d51ee8cae8deab99b3e28d52
SHA1

cb8e327f1dbdd81aa30580b07f2549b55a09faee
SHA256

fc3c2ceade41185274e275f4f7247e54c1248573ede9513cb5d1acbcb95caaf7
SHA512

702596db1a6f8856d26c6c936ec954cc6aef7f1e8fd585f013d108f3a4f58005184e610840d16e65d5d4838497efb6f68cb0035eb8ce410f07ce8f28b2641573
SSDEEP

6144:NQWEpxwuJVfbeKEqFPzcfiYfy4quwgL5rr2kXFtz:kx3fSd0PzcDZqupFiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d720971d51ee8cae8deab99b3e28d52_JaffaCakes118

Files

3d720971d51ee8cae8deab99b3e28d52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b3e01da371df9ab5c1df0c6d8f4b261

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
TlsGetValue
GetCommandLineA
IsBadStringPtrA
GetDateFormatA
IsBadReadPtr
GetModuleHandleA
FreeConsole
FindClose
GetDriveTypeW
ResetEvent
GetLastError
CancelIo
DeleteCriticalSection
SetLastError
EnumResourceTypesA
LoadLibraryExW
VirtualProtect
GetDiskFreeSpaceExA

advapi32

AccessCheck
CloseEventLog
LsaFreeMemory
RegCreateKeyExA
RegCloseKey
OpenEventLogA
CloseTrace
IsValidSid
LsaClose
LsaSetSecret
GetFileSecurityA
RegLoadKeyA
FreeSid
RegCloseKey

osuninst

ExecuteUninstall
IsUninstallImageValid
ProvideUiAlerts
RemoveUninstallImage
GetUninstallImageSize

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ