4a4b5f115ccbe6f6ed2e6c37aa157e9e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a4b5f115ccbe6f6ed2e6c37aa157e9e_JaffaCakes118
Size

382KB
MD5

4a4b5f115ccbe6f6ed2e6c37aa157e9e
SHA1

515692ab03e6034c689b416d30282e29d9d9d7ed
SHA256

d5383d54305ff1f67c71467e3a16ec8ba69d470f995f205921e0df6b0096e434
SHA512

8912574bdcf30c0eab0c6bff313a03ce7dcd9683531cf883f29e2240a0e5a736912710a492f389f831bc9e6d401d0a49ce160ec6334e890b39081020bf22bf8c
SSDEEP

6144:Mf2JRMxCQ0TexdCoNSQwMOu/L5NY5k7paog+4gyA1H1zZsQ6psGeDkXMg:vJRMxCQ2exdCGGMOu/iQtUA1A7R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a4b5f115ccbe6f6ed2e6c37aa157e9e_JaffaCakes118

Files

4a4b5f115ccbe6f6ed2e6c37aa157e9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f66656d9fafc80c5cb2dc757bccf49a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetModuleHandleW
GetACP
CreateEventA
ResumeThread
GetPrivateProfileIntW
GetEnvironmentVariableW
GetStdHandle
GetExitCodeProcess
ReleaseMutex
GetCommandLineA
ResetEvent
CloseHandle
GlobalSize
WriteFile
InterlockedExchange
GlobalFree
lstrlenA
LocalFree
HeapCreate

advapi32

ControlService
IsValidSecurityDescriptor
RegDeleteKeyA
RegCreateKeyExW
RegEnumKeyW
IsValidSid
IsTextUnicode
CreateServiceA
CloseEventLog
ClearEventLogW
RegDeleteValueA
RegCloseKey
RegQueryValueW

btpanui

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ