93e588770097cd1751ef22170787d0dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

93e588770097cd1751ef22170787d0dd_JaffaCakes118
Size

333KB
MD5

93e588770097cd1751ef22170787d0dd
SHA1

b36c7d04cb2467a2af4eade8bf2d95621f88b06a
SHA256

9e5d2dbbf8b84b41132c36816a8152ab24df7b2bea792c77b497c4f5e7a00305
SHA512

07189609efaeb25eab1d94a9dec8fce4cc17d09b2b99925e02ed0fd7cc11c55af1be65cc5bc6bd47bc03b47b20680265e85c8aa5d8b031d781005f53449435cd
SSDEEP

6144:zP8/UV13izkygSQTao2bfdDHWWQCPWY0GF9sbtcL2c:zPqI1SP1292blDHWd+GmL2c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93e588770097cd1751ef22170787d0dd_JaffaCakes118

Files

93e588770097cd1751ef22170787d0dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e7318bafb22c957793e007af2bc0e656

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
HeapDestroy
VirtualProtect
GetDiskFreeSpaceA
SetEvent
GetModuleHandleA
CreateHardLinkA
CloseHandle
ReleaseMutex
ExitProcess
DeleteCriticalSection
AddAtomA
GetTickCount
lstrcmpiA
GetLastError
Sleep
GetStartupInfoA
TlsGetValue
ResumeThread
SearchPathA

advapi32

LsaSetSecret
LsaClose
RegEnumKeyExA
FreeSid
GetFileSecurityA
IsValidSid
LsaFreeMemory
RegCreateKeyExA
RegLoadKeyA
CloseEventLog
AccessCheck
RegCloseKey
OpenEventLogA
CloseTrace

cfgmgr32

CM_Add_Range
CM_First_Range
CM_Get_Child
CM_Add_IDA
CM_Delete_Range

shell32

DragQueryFileA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ