Static task: static1
Behavioral task: behavioral1
Sample: 45ef2a4ff8f714f39bc8ddd4e323a864_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 45ef2a4ff8f714f39bc8ddd4e323a864_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 45ef2a4ff8f714f39bc8ddd4e323a864_JaffaCakes118
Size: 226KB
MD5: 45ef2a4ff8f714f39bc8ddd4e323a864
SHA1: f595d06bb7bf68be416c08ebe48056f15164dd29
SHA256: 3a51b3a72f7a0c05ed7c258d39a54f49b58881c98496e310e6f7a92e92d53a07
SHA512: 72de1cc10a344922b3fd47c7775bf8df4ccd575b18b3803b73ca1480a0f702c9dd4e3ac44e65ed8d9ee9fa5afef3eccb7b8cc10047a4020322aad5057b26512f
SSDEEP: 6144:9GIEm+Nd4MzlSoPuNWErpwjRLJWayEaV6:sIfUUUiWEIZII
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 45ef2a4ff8f714f39bc8ddd4e323a864_JaffaCakes118
Files
45ef2a4ff8f714f39bc8ddd4e323a864_JaffaCakes118.exe windows:4 windows x86 arch:x86
8e88bb540796be14e6879a52126f6dc5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
DebugActiveProcess
ExitProcess
IsBadWritePtr
SetConsoleCursorInfo
SetVolumeLabelW
VerLanguageNameA
VirtualLock
advapi32
AdjustTokenGroups
BuildImpersonateTrusteeA
ClearEventLogA
CryptSignHashW
GetNamedSecurityInfoExA
GetUserNameA
NotifyChangeEventLog
OpenEventLogW
RegConnectRegistryW
SetEntriesInAclW
SetNamedSecurityInfoExA
gdi32
CreateFontW
DeleteEnhMetaFile
DeleteObject
EnumICMProfilesA
GetBitmapBits
GetDCOrgEx
ResetDCA
SetBkMode
Sections
.text Size: 512B - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 222KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ