a50b596fc07919775bda59c09aadb5c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a50b596fc07919775bda59c09aadb5c3_JaffaCakes118
Size

11KB
MD5

a50b596fc07919775bda59c09aadb5c3
SHA1

864692a6c3b111a5d611fdd2a14e26d60191a27b
SHA256

45130d8c4c9158cbbf2171552d5939bb55bf6628e2603becc42b205a0d3c8eac
SHA512

51ca780d19db846dc96de81a7600f5d9b010b1716eeed25d247b4f294464ac2e3889a6e1b52281221dcf634cc6c34f48e61679cd456127eca1b0d6542ba525f1
SSDEEP

96:6PjjvetzKa2iF5oosDbIs9vtpWHK6Jwh26T/0x5tqrkscQm4:6nWxKa24ozbj9VsF2h8+kr5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a50b596fc07919775bda59c09aadb5c3_JaffaCakes118

Files

a50b596fc07919775bda59c09aadb5c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2750f666a5d5a45b9462d39fbe4c0dcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
TlsGetValue
GetLastError
GetCommandLineA
DeleteCriticalSection
FindClose
SetLastError
GetDateFormatA
LoadLibraryExW
CancelIo
IsBadStringPtrA
GetDriveTypeW
VirtualProtect
ResetEvent
CloseHandle
EnumResourceTypesA
GetDiskFreeSpaceExA
GetModuleHandleA
LocalFree
FreeConsole

advapi32

LsaSetSecret
RegLoadKeyA
IsValidSid
OpenEventLogA
GetFileSecurityA
RegCreateKeyExA
RegCloseKey
CloseEventLog
LsaClose
CloseTrace
LsaFreeMemory
AccessCheck
FreeSid
RegCloseKey

osuninst

IsUninstallImageValid
GetUninstallImageSize
RemoveUninstallImage
ExecuteUninstall
ProvideUiAlerts

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxlbmbt
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE