964f1fca8a98243ef72d76ca672a6b29_JaffaCakes118 | Triage

Sharing

General

Target

964f1fca8a98243ef72d76ca672a6b29_JaffaCakes118
Size

401KB
MD5

964f1fca8a98243ef72d76ca672a6b29
SHA1

fd151989622d0b23c015a2bf422e63227cf79e06
SHA256

58d4c764eef8143bcbc448145548b6258859bd4c574cf5519fcde369abe32194
SHA512

618a3807718a1edb19138acf5418522b163d4fe3a5940c528d91751eab0fae2750b602af53de51f3e64528e6f79896c3d1bbabe9e881e8c8b16e4f8e92512340
SSDEEP

6144:E2vpXR8C9xMUWhYegAsGJk/cUrF1E10QZJ7gW6gTmC6aJseQiITqAy4a8XqMVyZ:5h8UoYegJGJkRjEDn7gi1KzzTVMMYZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
964f1fca8a98243ef72d76ca672a6b29_JaffaCakes118

Files

964f1fca8a98243ef72d76ca672a6b29_JaffaCakes118
.exe windows:1 windows x86 arch:x86

000bbfb4a93b942e052ad964ab754292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ImpersonateNamedPipeClient
CryptGetDefaultProviderA
LsaRetrievePrivateData
RegSetValueExA
SystemFunction002
SystemFunction014
SystemFunction021
OpenThreadToken

ole32

HGLOBAL_UserMarshal
CoInitializeSecurity
CoGetMalloc
CoSetState
StgCreateDocfileOnILockBytes
HENHMETAFILE_UserMarshal

shlwapi

SHIsLowMemoryMachine
UrlHashW
PathUnmakeSystemFolderA
AssocQueryStringA
UrlGetLocationA
PathUndecorateW
SHRegWriteUSValueA
SHStrDupA

kernel32

TerminateThread
InitAtomTable
SetUnhandledExceptionFilter
GetProcessPriorityBoost
WriteConsoleOutputCharacterA
lstrcpynW

msvcrt

iswprint
_wrename
exp
_getdcwd
_wfindnext
__setusermatherr
_Gettnames
_ismbcl0

ntdll

RtlValidSecurityDescriptor
RtlGetCallersAddress
RtlInsertElementGenericTable
RtlAddAuditAccessAce
RtlDestroyProcessParameters
DbgBreakPoint

Sections

.text
Size: 5KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 63KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE