6efa897ee5258e82466b2cf0fa562f49_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6efa897ee5258e82466b2cf0fa562f49_JaffaCakes118
Size

51KB
MD5

6efa897ee5258e82466b2cf0fa562f49
SHA1

1b7ec558f61fdf0b2b1cd734ac3f20a94ef5da61
SHA256

438421b1e66d5caa424e6035c3965346f4f6fd55c33599cbf5ec8a328f8bcd98
SHA512

826c385df651268571fcfa7c87d26540dd19bf6690bc00a8a2c0a780aeebb885b5936f8dd16d331d113796ed81fd2c8189e2610cd976ab8b31b17f4c83812ce8
SSDEEP

1536:Ha66H4Sldkh0PTvq8H7fxQv2oVzV3o03WzoL4:63MSeAfxeV3PWH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6efa897ee5258e82466b2cf0fa562f49_JaffaCakes118

Files

6efa897ee5258e82466b2cf0fa562f49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8a80c0b1a6c07a60636456954629175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateIoCompletionPort
ExitProcess
GetPrivateProfileSectionNamesW
QueryDosDeviceA
ReadConsoleA
TlsGetValue

advapi32

AddAccessDeniedAce
CryptDecrypt
CryptSetKeyParam
GetCurrentHwProfileW
InitializeSecurityDescriptor
ObjectCloseAuditAlarmA
ObjectDeleteAuditAlarmW
RegCreateKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
SetFileSecurityA
SetNamedSecurityInfoW
SetServiceBits

user32

ChildWindowFromPointEx
EndDeferWindowPos
GetMenuItemInfoW
OpenDesktopW
RealGetWindowClass
SetClassLongW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE