704cb0a2d8e1ebbc9e07d89df99a865c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

704cb0a2d8e1ebbc9e07d89df99a865c_JaffaCakes118
Size

382KB
MD5

704cb0a2d8e1ebbc9e07d89df99a865c
SHA1

b3aedd8e416a6818ebf41d60e0324f26e583e2d2
SHA256

9025433b09c192997e332701cb3ecefac9182a8ea9c3bbf765df3431359a8747
SHA512

f7040e081d69ad6cfdc4cbd778147bc07e43ab6df092c60dc553c3fdba0daf39fb6f46e186d9fae54a846d5790814212c0c09c06bc9d38e76352496e0f29eecf
SSDEEP

6144:u6BBhpRMi6y4+AGeJKiIdDjky49jypOAEWZqnKET5EIyLjRKg1gXVJiObl:JrpRMipAGliLy8hAEWZ+7TSHRKSgFBl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
704cb0a2d8e1ebbc9e07d89df99a865c_JaffaCakes118

Files

704cb0a2d8e1ebbc9e07d89df99a865c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52cc4d0ee528dc54c9f3914667c03a54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
SuspendThread
GetStdHandle
FreeConsole
GlobalFree
LocalSize
CloseHandle
InterlockedExchange
ResetEvent
ReleaseMutex
GetPrivateProfileIntA
WriteFile
GetEnvironmentVariableA
lstrlenA
VirtualAllocEx
GetCommandLineW
LoadLibraryW
GetSystemInfo
CreateEventW
LocalFree

advapi32

IsValidSid
RegCreateKeyExW
CreateServiceW
RegEnumKeyA
IsTextUnicode
InitializeSid
RegDeleteValueA
CloseEventLog
IsValidSecurityDescriptor
ControlService
RegQueryValueW
RegCloseKey
ClearEventLogW
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ