a76edf498403214b7e6a7301e7820683_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a76edf498403214b7e6a7301e7820683_JaffaCakes118
Size

48KB
MD5

a76edf498403214b7e6a7301e7820683
SHA1

7f368298eb1a2aaad38ab4a76c28e4cdb0c90b36
SHA256

612ee3058880af7af71b887894443a6e6e3dc3fdef47fbd79fb64e62014e64e0
SHA512

b110b3a5385a32871e00ceac7f81eff6c2617ab8de3842f8a5b619b55fbcdc21ba67b786a3b1a25da90e6dfc815e60f7bd0a31b6e2eff8fa73847965c49cede1
SSDEEP

768:U6ENWAOXpteJ3tBMzWvzgx/nVb5o1unLsLiXtgXpbrZfyuwcNoRLDLwKb0SQIedN:UzDOXEsxVb5gydgBk1LXwKgSQ/As

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a76edf498403214b7e6a7301e7820683_JaffaCakes118

Files

a76edf498403214b7e6a7301e7820683_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6fc15276457b6398ce91984cc75645e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
ExitProcess
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
IsValidLocale
LocalAlloc
MoveFileExA
OpenWaitableTimerW
QueryDosDeviceW
RemoveDirectoryW
SetPriorityClass
Thread32Next
TlsAlloc
WaitForSingleObject

advapi32

AccessCheckAndAuditAlarmA
BackupEventLogA
ChangeServiceConfigA
CryptAcquireContextW
CryptDeriveKey
CryptGenRandom
FindFirstFreeAce
GetMultipleTrusteeOperationW
InitiateSystemShutdownA
QueryServiceStatus
RegLoadKeyA
RegNotifyChangeKeyValue
SetAclInformation
SetEntriesInAuditListA
StartServiceA

gdi32

AnimatePalette
CreatePalette
CreatePolygonRgn
PlayMetaFileRecord
PolyPolyline

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE