94fc65278e4bbbc653eec9465cfcd52f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94fc65278e4bbbc653eec9465cfcd52f_JaffaCakes118
Size

330KB
MD5

94fc65278e4bbbc653eec9465cfcd52f
SHA1

fa24595761721dfed1fdf078013f12383049db1a
SHA256

1b9ef82482cd5bd14a07efbb3a3ebfa226b65c6512df92f3ef90464284fd400a
SHA512

4de2cecbf79c4785783f833243a77626918b40267738970f68c435e5b1c30d0867ecbd2d1df64b83b329cf57cd65e838dac9a6b9b8347c218f69e1bff3c56012
SSDEEP

6144:Oldnr4TOiLc0r0s0H5uV6CLcYzA9KLzKa+D7vkqssJX:OATTnjY5hgcYdLG93kqssJX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fc65278e4bbbc653eec9465cfcd52f_JaffaCakes118

Files

94fc65278e4bbbc653eec9465cfcd52f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0bcee6bd999092ff3960d9f03cfd6533

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
GlobalAlloc
GetProcAddress
LocalFree
TlsSetValue
TlsGetValue
GetLastError
LocalLock
VirtualAlloc
LocalHandle
GetACP
LocalReAlloc
GetModuleHandleA
GetStartupInfoA

secur32

ExportSecurityContext
InitializeSecurityContextA
CompleteAuthToken
EncryptMessage
AcceptSecurityContext
VerifySignature
DeleteSecurityContext
DecryptMessage
MakeSignature
FreeCredentialsHandle
ApplyControlToken

netapi32

NetAuditClear
Netbios
NetAuditWrite
NetConfigGetAll
NetFileGetInfo
NetConfigGet
NetErrorLogRead
NetFileClose
NetFileEnum
NetGetAnyDCName
NetAuditRead
NetErrorLogWrite

msvcrt

_initterm
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_acmdln
exit
_XcptFilter
__setusermatherr
__getmainargs
_exit

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ