67131bf2b8effd625987ee4cc0b4b8cb_JaffaCakes118 | Triage

Sharing

General

Target

67131bf2b8effd625987ee4cc0b4b8cb_JaffaCakes118
Size

140KB
MD5

67131bf2b8effd625987ee4cc0b4b8cb
SHA1

fdd4662e4283f9193e1521880bbbaa1264640fdb
SHA256

d52d93d8379758fc73a768f9a12314eec24a48c49abc08561dd9d01eb7cc452f
SHA512

e3e5a419a4daf5cfc01b5e6a8dde23663cff99159811da0edf45a63aa8e5c15645ad3f4046e71c54aa5055a3cb9ea93f3db46826a44694353702f17113df8de5
SSDEEP

3072:NAwyb8EANoAJ8/mSSk41TdB7rxEUob+ZVfVuJqkvipktWbSOh:+Jb8EA+bmwSX7mjJDipiO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67131bf2b8effd625987ee4cc0b4b8cb_JaffaCakes118

Files

67131bf2b8effd625987ee4cc0b4b8cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

94ef6009e412cc611ae95ba353009e74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceA
SetSecurityDescriptorGroup
DecryptFileA
LsaClose
OpenEventLogA
LsaEnumerateTrustedDomains
SystemFunction028
SystemFunction033

kernel32

GetLastError
QueryDosDeviceW
ExpandEnvironmentStringsA
DuplicateHandle
GetProcessVersion
SetUnhandledExceptionFilter

comctl32

ImageList_SetFilter
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Draw
CreateStatusWindowW
ImageList_GetIconSize
CreateToolbarEx
ImageList_Add

ntdll

RtlCopyRangeList
RtlAppendUnicodeStringToString
ZwQueryEaFile
NtQueryOpenSubKeys
ZwQueryVolumeInformationFile
RtlGetFirstRange
RtlpNtMakeTemporaryKey

msvcrt

_wspawnv
_wspawnle
_fullpath
_clearfp
_mbscoll
_read
ispunct

ole32

CoGetStdMarshalEx
GetConvertStg
CoDeactivateObject
HBITMAP_UserUnmarshal
HDC_UserUnmarshal
CoInitialize
OleGetAutoConvert

Sections

.text
Size: 5KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE