Sample
41ef82921697cb1c0ad4c2acb3ccd0ba_JaffaCakes118.exe
Resource
win7-20240705-en
General
Target
41ef82921697cb1c0ad4c2acb3ccd0ba_JaffaCakes118
Size
74KB
MD5
41ef82921697cb1c0ad4c2acb3ccd0ba
SHA1
8839eaefa431bce2f63018b1f1285f3978f9eb8f
SHA256
e5be3c0b66d7c3c2986202faf860f4cce41892db64c91e8322a57c2e4c23ecf0
SHA512
8fc76498f2f4e6b0b6c880418f3d9b7601ce3636cd57769cb9baa796badfa95184435bf0cceac44599d337b9863637eb60886438537696c1029fb8d0f1b02c10
SSDEEP
1536:7hgzv/fpb2hrPCwV4IWpTuejVa07GvS0puVxq2iubUW:7haxb2hrqwF+V3+uG2pUW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 41ef82921697cb1c0ad4c2acb3ccd0ba_JaffaCakes118
Files
41ef82921697cb1c0ad4c2acb3ccd0ba_JaffaCakes118.exe windows:5 windows x86 arch:x86
8a1a922993da7d11f3db07c35ea88fc3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cryptdll
CDLocateRng
MD5Update
CDBuildVect
MD5Init
shlwapi
UrlEscapeA
UrlCreateFromPathA
UrlCombineA
UrlCanonicalizeA
advapi32
RegUnLoadKeyA
RegCloseKey
RegCreateKeyExA
CreateServiceW
CreateServiceW
RegOpenKeyA
RegLoadKeyA
StartServiceW
RegSaveKeyA
IsValidAcl
kernel32
SetEnvironmentVariableW
lstrcpyA
CopyFileExA
InterlockedExchange
ReadProcessMemory
LoadLibraryW
FindClose
OpenProcess
UpdateResourceW
VirtualAlloc
GetModuleHandleA
CreateWaitableTimerW
MapViewOfFile
CreateMailslotA
GetTickCount
OpenWaitableTimerA
WriteConsoleW
CreateFileA
OpenWaitableTimerW
FileTimeToSystemTime
lstrcmp
authz
AuthzInitializeContextFromSid
AuthzFreeContext
AuthzAddSidsToContext
AuthzFreeResourceManager
AuthzFreeAuditEvent
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE