670405bea2abbad6265974744e99b827_JaffaCakes118 | Triage

Sharing

General

Target

670405bea2abbad6265974744e99b827_JaffaCakes118
Size

74KB
MD5

670405bea2abbad6265974744e99b827
SHA1

904526e4f8a60206a7ba04f53d5a449e2451f19a
SHA256

622246bda294bb00cdf6592451a82e02f2f1ccf85a3a9e049e5ebff886fd1afc
SHA512

629d32416f3012d48fc9eddb282162ae90fac777b4e213c9f015ce190b2993e9898faea43f43af54af67b0dbb860ceef180ddf18ac553550e4fdc972dc8b25d6
SSDEEP

1536:ip7C0kx1jtMdh9oUecPnE19dkz3dxPUBHp7R+8wnosZdQJZeSAvDBZUT:E7CFbW9o5ck9GIBHPunoEdQJZv6NZUT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
670405bea2abbad6265974744e99b827_JaffaCakes118

Files

670405bea2abbad6265974744e99b827_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b1b09c0e36f53fc4cf3ce0c2dbe2e6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidSubAuthority
LookupAccountNameA
EqualSid
GetTokenInformation
CloseServiceHandle
SetSecurityInfo
RegDeleteValueA
GetKernelObjectSecurity
RegConnectRegistryA
RegQueryValueExA
ControlService
OpenProcessToken

msvcrt

__mb_cur_max
strcpy
strcmp
_ltow
wcslen
_wcsnicmp
wcscat
srand
__setusermatherr
_itow
_vsnprintf
_except_handler3
_snprintf

gdi32

GetTextExtentPoint32A
CreateFontIndirectA
MoveToEx
StartPage
DeleteObject
EndDoc
StartDocA
Ellipse
CreatePen
SetTextColor
SetTextAlign
SetROP2

kernel32

GetEnvironmentVariableA
GetSystemDirectoryA
ReadProcessMemory
GetProcessAffinityMask
HeapSize
DeviceIoControl
QueryPerformanceCounter
MultiByteToWideChar
GetFileAttributesA
GetLocaleInfoA
GlobalAlloc
GetTickCount
LCMapStringA
SetStdHandle
GetTimeFormatA
GlobalUnlock

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ