Static task: static1
Behavioral task: behavioral1 (Sample: 70bb3fde597dd1efcae9fad5f671d21c_JaffaCakes118.exe, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: 70bb3fde597dd1efcae9fad5f671d21c_JaffaCakes118.exe, Resource: win10v2004-20240709-en)
General
Target: 70bb3fde597dd1efcae9fad5f671d21c_JaffaCakes118
Size: 262KB
MD5: 70bb3fde597dd1efcae9fad5f671d21c
SHA1: 70325d1fc3b73d452d766351dd8caf50e4568832
SHA256: 48ccc58e864d2f722c2c8e254932fe918135c082c21026e3bcd812f26c442e6f
SHA512: 83b19396885f7990dbc107909d67ceb09d1c504dd85dfd361a4e17a5f2bef0dfafa1fadb2c812cadb2fd1e2298cd234368054d675438dfd407bbec1374482a75
SSDEEP: 6144:ghpJ48mvrrKHKDMPiRKy7Nqrur3fjyhIXdQqR2G1iMBs6RueBCJj6pK:gdqrrxM7y7Eiq2yjyiQstp6M
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 70bb3fde597dd1efcae9fad5f671d21c_JaffaCakes118
Files
70bb3fde597dd1efcae9fad5f671d21c_JaffaCakes118.exe windows:5 windows x86 arch:x86
388f4743f366727651dc37cc82da8caf
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt: __pioinfo, _lock, towlower, memset, _onexit
rpcrt4: RpcBindingSetOption
advapi32: EnableTrace, InitializeAcl, StartServiceW, UnregisterTraceGuids, AllocateAndInitializeSid, RegCloseKey, CryptReleaseContext
kernel32: UnmapViewOfFile, GetSystemTimeAsFileTime, DisableThreadLibraryCalls, Sleep, SetPriorityClass, WriteFile, VirtualAlloc, OpenEventW, HeapDestroy, EnterCriticalSection, InterlockedDecrement
ntdll: NtQueryInformationProcess, RtlCreateTimer, RtlExitUserThread, RtlCompareMemory, ZwOpenEvent
Sections
.text Size: 204KB - Virtual size: 204KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.data Size: 53KB - Virtual size: 53KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 5KB - Virtual size: 8KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)