59bdef0e3fb7a10c8a2c8fd87b69e1af_JaffaCakes118 | Triage

Sharing

General

Target

59bdef0e3fb7a10c8a2c8fd87b69e1af_JaffaCakes118
Size

381KB
MD5

59bdef0e3fb7a10c8a2c8fd87b69e1af
SHA1

1c593c0fc5fd67d7c87d49436e793d5667e1cfa7
SHA256

ddc601826e111be6429352e7064932d0c92fe67c0fd67f10f71dcff3c9e3cc99
SHA512

57bc900cfec0eb5cd80b8cda09cb2510d28bdb43b4a53a7f1509fa297d2eaeba7ea17dd9759f6bbf2501385b7ec44eb93cbb88fa161afd845cf06259a837619c
SSDEEP

6144:r4MfWlRMt7iWjhtgYXL7TO6dHyF6EDWVUlMVcZOV6fGhmLjAR73t3ygCkv:kMfMRMtJlbq6Vxh8MV9VOpO73tokv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59bdef0e3fb7a10c8a2c8fd87b69e1af_JaffaCakes118

Files

59bdef0e3fb7a10c8a2c8fd87b69e1af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cedb0bd53273ae0eb94910aded477609

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
VirtualAlloc
ResetEvent
GetStdHandle
GlobalSize
GetPrivateProfileIntW
GlobalFree
CloseHandle
GetACP
CreateMutexA
FindVolumeClose
GetCommandLineA
CreateEventA
LocalFree
ResumeThread
GetModuleHandleW
GetEnvironmentVariableW
GetExitCodeProcess
InterlockedExchange
WriteFile

advapi32

ClearEventLogA
CreateServiceA
RegDeleteKeyA
RegQueryValueW
RegCloseKey
RegDeleteValueA
RegCreateKeyExW
IsValidAcl
IsTextUnicode
CloseEventLog
ControlService
RegEnumKeyW
IsValidSid

admparse

ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag
AdmClose
ResetAdmDirtyFlag

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ