83b46c41101532958e69e449e7757b73_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83b46c41101532958e69e449e7757b73_JaffaCakes118
Size

327KB
MD5

83b46c41101532958e69e449e7757b73
SHA1

2622c7604e083405d63c2510a0079de6c23ab0b6
SHA256

4ce6803c6eff73a75217283f09d7d35a2aefa0ce198fe2eda08e7b7df4168671
SHA512

a45d9148682a8e0f9f785ecca7fe004c91e3990e128c98db7f9efed56637de88c3b6336889ebeb44cb89a2c11b70464be055a20534e64ce58160a8f2c4665bc0
SSDEEP

6144:mQaiRPt1VsHZj7l6AGSghpFCK8Yml4+x3WT9QBCVX8pFF5:FV/qZXl9GzpYK8rN3YV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83b46c41101532958e69e449e7757b73_JaffaCakes118

Files

83b46c41101532958e69e449e7757b73_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13180d077ba52ab49cd0d9efe1b1b68f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DeleteCriticalSection
GetDiskFreeSpaceExA
IsBadCodePtr
GetCommandLineA
CloseHandle
Sleep
FindClose
FreeConsole
TlsGetValue
GetModuleHandleA
LocalFree
PulseEvent
LoadLibraryExW
EnumResourceTypesA
IsBadReadPtr
GetDriveTypeW
GetLastError
GetDateFormatA
VirtualProtect

advapi32

AccessCheck
RegCloseKey
LsaClose
OpenEventLogA
CloseEventLog
RegCreateKeyExA
RegLoadKeyA
FreeSid
IsValidSid
LsaFreeMemory
GetFileSecurityA
CloseTrace
LsaSetSecret
RegCloseKey

uxtheme

GetThemeBool
GetThemeColor
DrawThemeText
DrawThemeIcon
CloseThemeData

Sections

.text
Size: 3KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ