3e488e6bb94a04d44fc4eaace8f68be8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e488e6bb94a04d44fc4eaace8f68be8_JaffaCakes118
Size

75KB
MD5

3e488e6bb94a04d44fc4eaace8f68be8
SHA1

3f17779810830e0b28d7ad9db335ab842c2f47d8
SHA256

fd560309f97a01673ccae324156eabfa4de389f2dec9fc591187511c6ee2cabc
SHA512

2d9bd5e7445884359dfaa5dbcb15a68e0ab6724e6d4b8216922cb60a86a9283ff2fffaa5e9075e16a4ec7d437aeb01eaf356407792c30aa29594ceb52bd97871
SSDEEP

1536:saKEmDji2vggqUt90bzRGl6Fbw4dntIeECCNoEMA4RkwN2tTlZN:ZK/ji2vxqUYz46F9ye4P4WwY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e488e6bb94a04d44fc4eaace8f68be8_JaffaCakes118

Files

3e488e6bb94a04d44fc4eaace8f68be8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2136de6272e6660ba3b80d4b30fd87f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fopen
_pctype
wcscpy
_waccess
qsort
_wcsnicmp
atol
wcsstr
strncmp
_exit
_wcslwr
_itoa

advapi32

SetTokenInformation
RegEnumValueA
RegQueryValueExA
RegCreateKeyExA
LookupPrivilegeValueA
CreateProcessAsUserA
CloseServiceHandle
StartServiceA
GetSecurityInfo
RegCreateKeyA
RegOpenKeyA
GetKernelObjectSecurity
QueryServiceObjectSecurity

gdi32

CreateSolidBrush
SaveDC
DeleteObject
CreateRectRgnIndirect
CreateFontIndirectA
GetTextMetricsA
BitBlt
GetStockObject
StartDocA
StartPage
Ellipse
SetBkColor

kernel32

GetEnvironmentStrings
GetThreadContext
VirtualAlloc
Sleep
LocalAlloc
SizeofResource
TerminateProcess
GetVersionExA
IsBadStringPtrA
EnterCriticalSection
SetConsoleCtrlHandler
HeapReAlloc
SetStdHandle
LocalFree
FatalAppExitA
GetProcessHeap
InterlockedIncrement

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ