Static task
static1
Behavioral task
behavioral1
Sample
41255f0dbb2a443420c6dbc44cef4130_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target
41255f0dbb2a443420c6dbc44cef4130_JaffaCakes118
Size
308KB
MD5
41255f0dbb2a443420c6dbc44cef4130
SHA1
0fe3f98c3ed64690352901cb88b5300cf51127a7
SHA256
3929b3475e2e62a4f25de40fe2db9ce318a7578eb1969413e8d3e996d3c48cf7
SHA512
8ba72a1631ae1f363f2d3c1a7fac17227f494d1e2da6b7241b5e0b0af32a29b8e87130588bd4258b3ae1f33a7068a85e32aaa9a9020da3892cec0f3d0ac74d5b
SSDEEP
6144:2oz0XUa2MehMhUQKekNdKFyP+xaFau1WFTuu2buiuGadC:VHa2Meyhj9ksymxacuwF68iGd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 41255f0dbb2a443420c6dbc44cef4130_JaffaCakes118
Files
41255f0dbb2a443420c6dbc44cef4130_JaffaCakes118.exe windows:4 windows x86 arch:x86
6902f1869af180130cfa6dfcad9bb28d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringA
TlsSetValue
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
HeapReAlloc
EnumSystemLanguageGroupsW
GetStringTypeW
GetStringTypeA
LCMapStringW
GetLocaleInfoA
CompareFileTime
OutputDebugStringW
WriteConsoleW
DebugBreak
GetCPInfo
advapi32
PrivilegeCheck
DuplicateTokenEx
GetUserNameA
SetSecurityDescriptorOwner
AddAce
QueryServiceStatus
IsValidSecurityDescriptor
LookupAccountSidA
GetSecurityDescriptorLength
InitializeSecurityDescriptor
RegOpenKeyExW
shell32
SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW
shlwapi
PathAddBackslashW
oleacc
CreateStdAccessibleObject
CreateStdAccessibleProxyA
winmm
sndPlaySoundA
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 210KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ