75d4de58e02af9d1282631f43dc02eda_JaffaCakes118 | Triage

Sharing

General

Target

75d4de58e02af9d1282631f43dc02eda_JaffaCakes118
Size

341KB
MD5

75d4de58e02af9d1282631f43dc02eda
SHA1

cd665a950443981606d5e8ac046360db6399945f
SHA256

dbb6ff89b18d33e135db0bed7a21d3c172e929469670edf2df8b31aae94b7bb7
SHA512

f16d0c5ae79ed429edf5e1380ede26bf0c0413c3ec3d938adcdf07f1d21da9db00daea9925e6428318850fd490c055e99117574b88409714465a29e88fb886aa
SSDEEP

6144:erAV91snEm+gr3sOVRdinB5umDrd97MS8ekvXhmc4hqKo2aMZ08PGmD2m47sng:GAV91pfMVRAnBN18vUhqlMZ0jA2m60

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75d4de58e02af9d1282631f43dc02eda_JaffaCakes118

Files

75d4de58e02af9d1282631f43dc02eda_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c6327b86c29877981e79c7dc39787b30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetTickCount
GetDriveTypeA
VirtualProtect
SetEvent
ReleaseMutex
ExitProcess
GetStartupInfoA
ResumeThread
GetLastError
AddAtomA
CloseHandle
GetThreadLocale
GetModuleHandleA
lstrcmpiA
DeleteCriticalSection
HeapDestroy
HeapSize
TlsGetValue
SearchPathA
CreateHardLinkA

advapi32

OpenEventLogA
CloseEventLog
RegCreateKeyExA
LsaFreeMemory
RegEnumValueA
IsValidSid
FreeSid
AccessCheck
GetSecurityInfo
GetFileSecurityA
RegEnumKeyExA
LsaClose
RegLoadKeyA
RegCloseKey
LsaSetSecret
CloseTrace

urlmon

CopyBindInfo
CoInternetCompareUrl
CoInternetGetSession
CoInstall
CoInternetParseUrl

perfos

CloseOSObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ