5a967ce999d99d89ea1646e70e2e0a48_JaffaCakes118 | Triage

Sharing

General

Target

5a967ce999d99d89ea1646e70e2e0a48_JaffaCakes118
Size

83KB
MD5

5a967ce999d99d89ea1646e70e2e0a48
SHA1

e7bf73f5e11b4dc9937b12f45d8a98bfb4e97dd8
SHA256

21e85573e0b4abe5dbd9d365d8eefdeda3bd31441c93032a61058550d490587e
SHA512

820a256ea653ff76224d639a7125f2496056b4c5debd0e6222cff7f29a906de590f2caccb5841ead1a51d9cdb165f94fa6b2e7dd51e0dd9fb94288128962110a
SSDEEP

1536:1EHaSchRQLtNuUHmEkyYnkAWkzzzykLt/cOjejaoNqPDy5HQdLJGgn9OBT0z:yHaSchRQLtNu9EMWkbbtUu8OAHQKEyT2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a967ce999d99d89ea1646e70e2e0a48_JaffaCakes118

Files

5a967ce999d99d89ea1646e70e2e0a48_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a6544f43b902434d7d37e1f75848c1b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcschr
memmove
RtlCopySid
RtlEnumerateGenericTableWithoutSplaying
NtReadFile
NtQueryValueKey
NtOpenSymbolicLinkObject
RtlInitAnsiString
NtFsControlFile
RtlSubAuthoritySid
RtlDecompressBuffer
RtlLengthRequiredSid
NtCreateEvent
NtOpenFile

kernel32

OpenProcess
SetHandleCount
Sleep
GetModuleFileNameW
GetVolumeInformationW
GetProcessHeap
GetUserDefaultLCID
GetDateFormatW
HeapAlloc
lstrcmpiW
VirtualQuery
GlobalLock
GetSystemDirectoryW
InterlockedDecrement
GetCurrentThread
CreateFileA

msvcrt

_except_handler3
__winitenv
__setusermatherr
_pctype
_controlfp
wcslen
__initenv
atoi
realloc
exit
_acmdln
_iob
printf
wcscpy

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ