8e4495581f90c74c5186fdc387ac5d41_JaffaCakes118 | Triage

Sharing

General

Target

8e4495581f90c74c5186fdc387ac5d41_JaffaCakes118
Size

48KB
MD5

8e4495581f90c74c5186fdc387ac5d41
SHA1

9092d795e8165b92faddb4eea05bc37d4f1f8fc0
SHA256

4408f0a65d3599318ee148ede4a8b48f7dce2b7dff03c6f88691c3dc802cec19
SHA512

fbcbcbdfbfe93e7513b8f6714b53bab764d8818763eccbe08e3279dd3093ab4e93db7ac4972d577b49043e998162aa4f3b2a5fc705fe08049ce19bf7d2db5b33
SSDEEP

768:eN6AGJoEL9lprTUkySmnFNf9CwfPXaf181GHjwGpFJ3fPXaf181GHjwGpFJ:eN6dt1TefFnda988DwGvJna988DwGvJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e4495581f90c74c5186fdc387ac5d41_JaffaCakes118

Files

8e4495581f90c74c5186fdc387ac5d41_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ca6769ed9d55efda76b4ebb58503c894

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
DeleteFileA
GetFileAttributesA
GetSystemTime
GetSystemDirectoryA
FindClose
CloseHandle
lstrcmpA
FindFirstFileA
GetStringTypeExA
GetThreadLocale
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
WideCharToMultiByte
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetVersionExA
lstrlenA
HeapFree
GetProcessHeap
FindNextFileA
HeapAlloc

advapi32

LsaAddAccountRights
LsaClose
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateWellKnownSid
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
CloseServiceHandle
LsaOpenPolicy

user32

LoadStringW
LoadStringA
CharLowerA
wvsprintfA
CharNextA

Sections

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ