495d1599e615dff4e99d000e66d1bbc5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

495d1599e615dff4e99d000e66d1bbc5_JaffaCakes118
Size

90KB
MD5

495d1599e615dff4e99d000e66d1bbc5
SHA1

74e9e02a187ae15b10a8995209f5c76226177f8f
SHA256

99d1c20ffff0d08fefc8d95330b6828d88404cc405216796ce1f2af8e831b5d4
SHA512

706085ff0ed7667592f11c98a2c08feeefa4ac35347b5b3e9dcd172eafac740bd17b2eb387d965544274db849bcd79ae49d7000a3933306d6254c9395122c51f
SSDEEP

768:AhzgpyYiLXdCka2crp0P0nfzcBOOVHgdg+7VdJKmh4nt1WUI3ZyT2b4LM8wOx:WgpJizdC3POZE7zWt4UKsycLMlO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
495d1599e615dff4e99d000e66d1bbc5_JaffaCakes118

Files

495d1599e615dff4e99d000e66d1bbc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fc3a44c0c5ceea2e25d8cb6d3c32442e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ReleaseMutex
GetCalendarInfoA
ExitProcess
Sleep
FindVolumeClose
GetTickCount
TlsGetValue
GetDiskFreeSpaceA
FindClose
FindAtomA
CloseHandle
SetEvent
FindResourceExA
GetModuleHandleA
SearchPathA
DeleteCriticalSection
lstrlenA
GetLastError
VirtualProtect

advapi32

RegEnumKeyExA
LsaSetSecret
RegCreateKeyExA
CloseEventLog
OpenEventLogA
AccessCheck
IsValidSid
CloseTrace
RegLoadKeyA
GetFileSecurityA
RegCloseKey
FreeSid
LsaFreeMemory
LsaClose
RegCloseKey

msdtcuiu

DtcPerfCollect
DllGetClassObject
DtcPerfClose
DtcPerfOpen
DllRegisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE