a6cfea6ea3ce38876d0ba7dfcc775dbf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6cfea6ea3ce38876d0ba7dfcc775dbf_JaffaCakes118
Size

56KB
MD5

a6cfea6ea3ce38876d0ba7dfcc775dbf
SHA1

7f210d877f6fec5ead9ca621bdb3835af4fe353b
SHA256

13fcefccfdaa9614391c3540599c96191df9c4460dcebd139d0abef1853159d6
SHA512

e8fa36b65a01e531d453f3f2ba419636da9e8420d86bf2a8f850d7c8cc88163d7f61a2444ece9919e3a26e902c016c744600521358ca9f1a9b86b1acb4ff7ca8
SSDEEP

1536:Z1iMRKCQ1grAPZzGtSOC6pbT/TOF9blIuCpemk9x:zilCKgMPcS6ZTC/6Rk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6cfea6ea3ce38876d0ba7dfcc775dbf_JaffaCakes118

Files

a6cfea6ea3ce38876d0ba7dfcc775dbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc90c828c3aa5e8f7ebd3dc68082f2a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
EnumResourceLanguagesA
ExitProcess
GetPrivateProfileStructA
GetProcessHeap
LockFile
VirtualAllocEx
WaitForMultipleObjects
WriteConsoleInputW

advapi32

AdjustTokenGroups
BuildTrusteeWithSidA
DeregisterEventSource
DestroyPrivateObjectSecurity
EnumDependentServicesA
FindFirstFreeAce
GetEffectiveRightsFromAclW
GetKernelObjectSecurity
OpenEventLogA
QueryServiceLockStatusW
RegOpenKeyA
SetNamedSecurityInfoW
SetSecurityDescriptorGroup

user32

DdeKeepStringHandle
GetMenuDefaultItem
GetMenuItemInfoW
InvalidateRect
InvalidateRgn
IsWindowUnicode
LoadCursorW
OpenIcon
RegisterClipboardFormatW

shell32

Control_RunDLLA
DoEnvironmentSubstA
ExtractIconA
ExtractIconResInfoA
FreeIconList
SHGetSpecialFolderLocation
SHQueryRecycleBinA
SheChangeDirExA
Shell_NotifyIconA

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE