833d9f8fa7e2a5cea2291eadb5767e93_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

833d9f8fa7e2a5cea2291eadb5767e93_JaffaCakes118
Size

110KB
MD5

833d9f8fa7e2a5cea2291eadb5767e93
SHA1

57d5fbe923ee5c77da4cdc32b70e79ca5b72b707
SHA256

2a3aaa6e37a4badbfbcd06b3bb68e37de040a6a69586ad4140e9452af942d925
SHA512

56c4a8e4d34748100556c177710ad4168d3f84dd6345bfecc664181ca2ad9f5449175d4d3b8f5aa99020e39ab3aa527a83c1e8ffa91c38b562358c4ea795e69c
SSDEEP

1536:D3zwhiLUUx2t9XDr6dUrSkxzWz0pgXpFfa1MObxDtkPtr3RdFWjUULFBUdKn:D3zwhyU+6zpOk4zTpFabxDMdWpL/IKn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
833d9f8fa7e2a5cea2291eadb5767e93_JaffaCakes118

Files

833d9f8fa7e2a5cea2291eadb5767e93_JaffaCakes118
.exe windows:4 windows x86 arch:x86

deb38cef2c09e9835777d1e05eb334dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
ResumeThread
GetConsoleWindow
DeleteCriticalSection
GetTickCount
IsValidCodePage
HeapDestroy
ReleaseMutex
GetLastError
GetDriveTypeA
CreateHardLinkA
GetStartupInfoA
lstrcmpiA
HeapSize
CloseHandle
VirtualProtect
DeleteTimerQueue
SetEvent
GetProfileStringA
GetTempPathA
GetModuleHandleA

advapi32

GetFileSecurityA
RegLoadKeyA
RegEnumValueA
ReportEventA
IsValidSid
RegEnumKeyExA
LsaSetSecret
CloseTrace
CloseEventLog
RegQueryValueExA
AccessCheck
GetSecurityInfo
OpenEventLogA
LsaClose
RegCreateKeyExA
LsaFreeMemory
IsValidAcl
FreeSid
RegCloseKey
IsWellKnownSid

msasn1

ASN1BERDecCheck
ASN1BEREncTag
ASN1BEREncCheck
ASN1BERDecBool
ASN1BEREncBool

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ