a973d722c931d19b50aa3c644bc6642c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a973d722c931d19b50aa3c644bc6642c_JaffaCakes118
Size

330KB
MD5

a973d722c931d19b50aa3c644bc6642c
SHA1

ce908ec0b6c3a1e2a9d36f645eb7c1a8d03029a6
SHA256

0bd684fe64386b2212076b8ecefe316e52b82a05064e457283d9bca2031dbbdd
SHA512

5366e7c592965536b8188c4cc84d2c238e58fd03ebec14d0cf2336bc64e8e075e23dc5ac0bda46d50271115e8d408ffff3d16c20c27d2283a7414ae69fd0af6d
SSDEEP

6144:Vj/g/J/CZQk2vz3tH1ZWVuyZ/q2zWG75f1q7HtsD8PEFTg44aN0:Vj/g/J/khwy5Naef1sc8cFjHN0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a973d722c931d19b50aa3c644bc6642c_JaffaCakes118

Files

a973d722c931d19b50aa3c644bc6642c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0cc65efb06564d51719f7bfc53a6c3f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
IsBadReadPtr
LocalFree
EnumResourceTypesW
GetLastError
VirtualProtect
SetLocalTime
FindClose
CloseHandle
Heap32First
GetLogicalDrives
IsBadStringPtrA
TlsGetValue
ResetEvent
GetCommandLineA
GetDiskFreeSpaceExA
CancelIo
SetLastError
LoadLibraryExW
FreeConsole

advapi32

RegCreateKeyExA
LsaFreeMemory
GetFileSecurityW
RegQueryValueA
RegCloseKey
CloseEventLog
IsTokenUntrusted
GetLengthSid
RegEnumKeyExA
FreeSid
RegDeleteKeyA
RegEnumValueA
LsaClose
RegCloseKey

hnetcfg

HNetFreeSharingServicesPage
HNetDeleteRasConnection
DllGetClassObject
HNetGetSharingServicesPage
DllRegisterServer

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ