a8b5fdc8d3d7772740586b61bef6799c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8b5fdc8d3d7772740586b61bef6799c_JaffaCakes118
Size

25KB
MD5

a8b5fdc8d3d7772740586b61bef6799c
SHA1

cea3c6618ed5c6e49468f949d00412a4218e730c
SHA256

b63fd350307d6655274886e93831acf6cf1f6b9ed02e788515e80e0114ee40ec
SHA512

42ea44ec10d62ebbe5133fedad98d57ad0bb3ee23a42f7e408b23d0aa182e9c8f16fc4fd4a2d90741a8fbf86edcb7f66b9db5c57c6d9c4b18174633fec889f31
SSDEEP

384:PE+Xeixxs04whTIFHwEivvVvvHAnxnH6zy8sHzbPw/K1FdvfdCp3rBMhWfEIb04N:RvxG04wUaEiZvjLGzbIC/JleMhsneJbG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8b5fdc8d3d7772740586b61bef6799c_JaffaCakes118

Files

a8b5fdc8d3d7772740586b61bef6799c_JaffaCakes118
.exe windows:1 windows x86 arch:x86

e2c69898e19633e9830253504d1e2896

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ElfDeregisterEventSource
CryptGetKeyParam
FindFirstFreeAce
GetSecurityDescriptorDacl
GetTokenInformation

kernel32

ClearCommBreak
ConvertThreadToFiber
CreateEventA
CreateMutexA
DefineDosDeviceA

Sections

.text
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE