467cc826d532e45706481d800912b344_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

467cc826d532e45706481d800912b344_JaffaCakes118
Size

368KB
MD5

467cc826d532e45706481d800912b344
SHA1

05a0da8212a0bdccb7d88f1f1d8d99265a8549d6
SHA256

f074fe594fd3f902016793a8c679db2906c4350561d8eab729e89d331967fdd7
SHA512

e96ec561b8b69ff9ff4f38c243b59b076a080e985867d6b406576832f1e81486aea1bc21c454184f2803fe564ff7e4cbe1aec213c475c95f2d284de29bcdb3a7
SSDEEP

6144:voVjwOqOQQN/3Xtes2fkDbKk8JBldvqdtGsJCAA+KVZrFea285DyNKtFyG:AxwlOtfXtJ2fkDbpuRqrQAAprP/X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
467cc826d532e45706481d800912b344_JaffaCakes118

Files

467cc826d532e45706481d800912b344_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9866b567d88ab32c17115a1e6438f0e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
LoadStringW
GetSystemMetrics
LoadStringA

advapi32

GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
IsValidSecurityDescriptor

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcStringBindingComposeW
RpcStringBindingComposeA
NdrClientCall2
I_RpcExceptionFilter

kernel32

LocalFree
GetSystemTimeAsFileTime
GetStartupInfoA
GetTickCount
TerminateProcess
GetCurrentProcess
GetModuleHandleW
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
WideCharToMultiByte

ntdll

NtLoadKey
NtAllocateVirtualMemory

msvcrt

free
_mbschr
_adjust_fdiv
wcslen
_vsnprintf
wcschr
strchr
strcspn
malloc
_except_handler3
_initterm
wcscspn

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE