70bc4c144482ed43b875c99eb569db54_JaffaCakes118 | Triage

Sharing

General

Target

70bc4c144482ed43b875c99eb569db54_JaffaCakes118
Size

328KB
MD5

70bc4c144482ed43b875c99eb569db54
SHA1

0bc9702ad71b30a0f2e780da0e717c079ff902ce
SHA256

da907c880e03b6c420cb10c98c493198db1fc20d9c2b53e6e7264cfec3add672
SHA512

1588136a8f7162a1339300f6f3ff1a78bb376e721b13e9bd272bdf84b40e819888f88dca63b5e7506b0f2afb86670f9205633799cb00616b3277a09ff16d7719
SSDEEP

6144:hQfALiUxwuJXoxEsKyG9H6TTynLqKyjsshYUMh5bmdJl5SYqqhx:EALhFKGB6TTynGfjskYU+bq3xx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70bc4c144482ed43b875c99eb569db54_JaffaCakes118

Files

70bc4c144482ed43b875c99eb569db54_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06287cba1b8240c89957eb4feaa50c49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadStringPtrA
CloseHandle
GetModuleHandleA
GetDriveTypeW
CancelIo
FreeConsole
FindClose
SetLastError
ResetEvent
IsBadReadPtr
LocalFree
LoadLibraryExW
GetDateFormatA
VirtualProtect
DeleteCriticalSection
TlsGetValue
GetLastError
EnumResourceTypesW
GetDiskFreeSpaceExA
GetCommandLineA

advapi32

GetFileSecurityA
CloseEventLog
IsTokenUntrusted
OpenEventLogA
LsaFreeMemory
LsaSetSecret
LsaClose
CloseTrace
FreeSid
RegCloseKey
RegLoadKeyA
AccessCheck
RegCreateKeyExA
RegCloseKey

glmf32

glsGetError
glsBinary
glsBlock
glsCharubz
glsChannel

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ