8438bf94527bb4b2ae48b57b926eb052_JaffaCakes118 | Triage

Sharing

General

Target

8438bf94527bb4b2ae48b57b926eb052_JaffaCakes118
Size

54KB
MD5

8438bf94527bb4b2ae48b57b926eb052
SHA1

52c7d9b2e78aed57a7329e83393efd6592dffe88
SHA256

efe9fc54f63870e49001df963812bf7be7dd332a586df5a620c91bcba9217d75
SHA512

338c3d273e9eb9b933b02addeb8cabb9920a343014ddabf991325bc5467402022d5cdfa6cd117d1d5e121edf09b41d5dd7bba8d3d5a0c98c42b9472126f2b6ca
SSDEEP

1536:lvfSfS1VADqFUM3YWe9DtvSVUvUmi/2Cu8D2KFu8L:tjd3YbY2C/PVD2KQ8L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8438bf94527bb4b2ae48b57b926eb052_JaffaCakes118

Files

8438bf94527bb4b2ae48b57b926eb052_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61cd400b12035da48b42bcba10e980d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ContinueDebugEvent
DisableThreadLibraryCalls
ExitProcess
GetProcessWorkingSetSize
ReadConsoleOutputW
SetCalendarInfoW
SetHandleInformation
VerLanguageNameW
WaitForDebugEvent
WriteFile

advapi32

BuildExplicitAccessWithNameA
ConvertSecurityDescriptorToAccessW
CryptGetHashParam
DuplicateToken
EqualPrefixSid
EqualSid
FindFirstFreeAce
GetExplicitEntriesFromAclW
GetFileSecurityA
GetServiceKeyNameW
GetTrusteeNameW
GetUserNameA
ReportEventW
SetEntriesInAuditListW

shell32

CheckEscapesW
DoEnvironmentSubstW
DragFinish
SHBrowseForFolderW
SHEmptyRecycleBinW
SHFileOperation
SHGetPathFromIDListA
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SheConvertPathW
Shell_NotifyIconA

gdi32

CreateDIBSection
DPtoLP
GetDIBColorTable
GetDeviceGammaRamp
GetNearestPaletteIndex
PlayMetaFile
Polygon
SaveDC
SetICMMode
StretchBlt

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE