Static task
static1
Behavioral task
behavioral1
Sample
aa0768d564a5128df68a8941d5019cec_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
aa0768d564a5128df68a8941d5019cec_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
aa0768d564a5128df68a8941d5019cec_JaffaCakes118
Size
224KB
MD5
aa0768d564a5128df68a8941d5019cec
SHA1
92aaee8412a24f51a7d4c569660288eaa86b2d33
SHA256
bec2c54f6578048bd8555d1086fb8dca71b3f71b4b7d86a0be94f6a22676b800
SHA512
f9c0bb630d1644fcf0cd27096c47a3a6824b603aeb24dc9218ef85b0fe5bd3023f7c11349beb035c3a5d7878e9f3ac4e5de7c0115a76e85f5a5dd0d1487b298f
SSDEEP
6144:tRY+X66shJWMa+TUewO3VH2eO4litDkqvV:7Ykgpp5H2LDT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa0768d564a5128df68a8941d5019cec_JaffaCakes118
Files
aa0768d564a5128df68a8941d5019cec_JaffaCakes118.exe windows:4 windows x86 arch:x86
4670278ec475f298c5827a6c6a45b2ec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
ExitProcess
EraseTape
OpenMutexW
UnlockFile
GetVersionExW
user32
UnregisterUserApiHook
OpenIcon
GetWindowLongA
EndDialog
RegisterLogonProcess
UserLpkTabbedTextOut
DdeInitializeA
advapi32
ImpersonateLoggedOnUser
GetSecurityInfoExA
RegCreateKeyA
SetSecurityInfoExA
OpenServiceA
WmiExecuteMethodW
BuildImpersonateTrusteeA
shell32
SHGetFolderPathW
SHChangeNotifySuspendResume
StrCpyNA
DragQueryFileW
SHOpenPropSheetW
StrCmpNIW
SHChangeNotify
ShellExecuteA
gdi32
GdiDeleteLocalDC
GdiEntry7
DdEntry0
EngDeletePalette
GetGlyphOutlineWow
GdiConvertPalette
GetCurrentPositionEx
Sections
.text Size: 222KB - Virtual size: 224KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ