8537338b6ef1fe9aaa41620435273b20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8537338b6ef1fe9aaa41620435273b20_JaffaCakes118
Size

820KB
MD5

8537338b6ef1fe9aaa41620435273b20
SHA1

3ecbe8ed413ef1a9b48d32a4cbd2bf584a7b2c8d
SHA256

6b058af6a97f212e216ed9778f25357d5200d763ba30d36938ad73b7eb8ba8c1
SHA512

8307f8e297fa1d59ed6f12291fd87c1ff8beb6e19278b7bd631279ba1c6b7e7457aa11066e5d95e4e61ab3af273a8a79cbd150f10ef2018d4df04ae47d4ec1ae
SSDEEP

24576:QRMZMbcwB0osg8y7N1c3ByXDd39RfLtV/LnE6kxRfF:QRMZKdeoXJ12MJbLv/jfG/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8537338b6ef1fe9aaa41620435273b20_JaffaCakes118

Files

8537338b6ef1fe9aaa41620435273b20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ceb561cda66667241274ea2ce5da7e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
LocalFree
GlobalFree
ResumeThread
GetACP
GetStdHandle
InterlockedExchange
GlobalSize
GetPrivateProfileIntW
GetCommandLineA
CreateEventA
CreateMutexA
FindVolumeClose
GetEnvironmentVariableW
GetExitCodeProcess
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ResetEvent

advapi32

RegDeleteKeyA
CreateServiceA
RegDeleteValueA
ClearEventLogA
IsValidAcl
RegCreateKeyExW
RegCloseKey
IsValidSid
IsTextUnicode
RegEnumKeyW
ControlService
CloseEventLog
RegQueryValueW

admparse

ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ