409b557c8483da0ccd66b1fbcdde68b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

409b557c8483da0ccd66b1fbcdde68b1_JaffaCakes118
Size

106KB
MD5

409b557c8483da0ccd66b1fbcdde68b1
SHA1

bef3d10e3cd32a4863550d4e7e4629fd31c8bb43
SHA256

b3863eae0a8aab304f8171d71e5fdca7aa719c026a1cf8ab1c77faaa67598646
SHA512

183441e11382f15f3e8a5e56bf68e9568c65544771fe320177194571c9a2882f74a1c896772bd1c2bac279c58c6e6d9cb8d7f78f33c8f65fdf752bfbd7bc5e5f
SSDEEP

1536:6JJuxj7yAZlpUXCoxOnFmr6GDyP2ShZzq/DH1TGd3rgA6Ky6r7PUHKTaPfqWPJ:6Joj7zIamydWLF/Rx6cHKTUfqWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409b557c8483da0ccd66b1fbcdde68b1_JaffaCakes118

Files

409b557c8483da0ccd66b1fbcdde68b1_JaffaCakes118
.exe windows:1 windows x86 arch:x86

be550120db8cd27ca1dede3e7834d235

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DeleteService
SystemFunction033
LsaOpenSecret
ObjectOpenAuditAlarmA
GetNamedSecurityInfoExA
SystemFunction031
SetEntriesInAclA
BuildTrusteeWithNameA

comctl32

ImageList_Write
ImageList_SetOverlayImage
ImageList_ReplaceIcon
CreateStatusWindowA
ImageList_Destroy
ImageList_DrawIndirect
FlatSB_GetScrollInfo

user32

SetScrollPos
DdeUnaccessData
GetFocus
ShowCaret
DdeQueryNextServer
UpdatePerUserSystemParameters
GetOpenClipboardWindow

oleaut32

BSTR_UserFree
VarUI1FromR4
SafeArrayGetUBound
VarBstrCat
VarI2FromDate
VarWeekdayName

ole32

OleNoteObjectVisible
CoSwitchCallContext
OleCreateFromData
HACCEL_UserSize
IIDFromString
CoBuildVersion
StringFromGUID2

ntdll

RtlFreeRangeList
NtSecureConnectPort
RtlEraseUnicodeString
ZwDeviceIoControlFile
RtlZeroHeap
ZwOpenSection
ZwCreateWaitablePort

Sections

.text
Size: 3KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 102KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ