40ad95d70181509fe4434f794777300c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40ad95d70181509fe4434f794777300c_JaffaCakes118
Size

327KB
MD5

40ad95d70181509fe4434f794777300c
SHA1

3e23d790296709c5959c8d018ad396fd0cf4f4dd
SHA256

f9acfa66a1adcdc3b74be3515fcfa455ac76f97314ad63c60ee2eb89d47c571d
SHA512

53c66b9a6881edc6fb5ebed64d1d98da9d8a8e361de68f2a68c9c277fe55ddcb00dd8601d87e8fbfa980309b3e962cb3472f8e3a172866664b13211087292198
SSDEEP

6144:cQVHHA6CvA9o25VJFTesh0NoOKRemrtorD8hn1ErltW8m6F9vZTwwszH:xnAnvA9o2bT2KoB8F1yCcPsz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40ad95d70181509fe4434f794777300c_JaffaCakes118

Files

40ad95d70181509fe4434f794777300c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9cf6ff47ac9db68926de35a8963d4581

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
FindClose
GetDiskFreeSpaceExA
PulseEvent
CloseHandle
TlsGetValue
GetDriveTypeW
GetLastError
EnumResourceTypesA
SetLastError
VirtualProtect
LoadLibraryExW
DeleteCriticalSection
GetDateFormatA
IsBadReadPtr
LocalFree
FreeConsole
IsBadCodePtr
Sleep
GetModuleHandleA

advapi32

GetFileSecurityA
LsaSetSecret
IsValidSid
RegLoadKeyA
CloseTrace
CloseEventLog
RegCloseKey
OpenEventLogA
LsaFreeMemory
LsaClose
AccessCheck
FreeSid
RegCreateKeyExA
RegCloseKey

clbcatq

DowngradeAPL
ComPlusMigrate
SetSetupOpen
GetCatalogObject
GetComputerObject

Sections

.text
Size: 3KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ