Static task: static1
Behavioral task: behavioral1
Sample: 7150cdd8f39d8f6daca62172a1c5616d_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: 7150cdd8f39d8f6daca62172a1c5616d_JaffaCakes118
Size: 200KB
MD5: 7150cdd8f39d8f6daca62172a1c5616d
SHA1: a72981bb8ebac15bb2bf8567f1ee4a3fe7185ef6
SHA256: ea23e1e61047167cbf36b8c3d4f8dbdfe98aff26398e25f5eb5edd6138dad1d0
SHA512: e2b32c23ac3b89b5e044d9093c1ebae6fd5d7c5729c542d09e82cd0e9e4b9fa37d92c0c43d2b6275770b55c9c02915bb862a2e1f493d4aeb087434cf279dbd72
SSDEEP: 3072:XxCRlIfzpTYjHXrIIqeFqsXsKOue1u17bK20IyUjOGHatXAnpUM8ICU6ty2CKi:GIf5a7dqLAFRbByUjOBtQ+tG6ty2CN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7150cdd8f39d8f6daca62172a1c5616d_JaffaCakes118
Files
7150cdd8f39d8f6daca62172a1c5616d_JaffaCakes118.exe windows:4 windows x86 arch:x86
7f1378e6833e83e541b1e448c9e1693e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStringTypeW
TlsSetValue
GetLocaleInfoA
OutputDebugStringA
DebugBreak
WriteConsoleW
EnumSystemLanguageGroupsW
OutputDebugStringW
GetStringTypeA
IsValidCodePage
LCMapStringW
HeapReAlloc
CompareFileTime
GetTimeZoneInformation
LCMapStringA
GetCPInfo
shell32
SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW
advapi32
LookupAccountSidA
GetUserNameA
IsValidSecurityDescriptor
PrivilegeCheck
AddAce
InitializeSecurityDescriptor
QueryServiceStatus
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
DuplicateTokenEx
RegOpenKeyExW
winmm
mciSendCommandA
shlwapi
PathAddBackslashW
oleacc
CreateStdAccessibleObject
CreateStdAccessibleProxyA
Sections
.text Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ