aa21a5ad63d505319c1ebd719d814d30_JaffaCakes118 | Triage

Sharing

General

Target

aa21a5ad63d505319c1ebd719d814d30_JaffaCakes118
Size

11KB
MD5

aa21a5ad63d505319c1ebd719d814d30
SHA1

9745432a0e4ee5814328510fc5e31ecf22c42bd6
SHA256

da2ba4174c03a4ea2e45dbecc64ed2ea5a0c23dc05f87c80ffb0a27891c350dc
SHA512

08770b94f9bd4cb0e972f45181da65f327f53a2e6a1753b62455a206ba0d51d50d9a2144d80722c994b3faf01a5d23eae3285d5128427fedcbc7d03296dc24db
SSDEEP

192:rn07+ONZxfOiork4VhGHeFZkCkSVUzVG4j9sase7l512OOHrzqlNyeYhiPq50Xnt:r0npfJqkYASaCT+Tj0ml5wOGrzKYMq5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa21a5ad63d505319c1ebd719d814d30_JaffaCakes118

Files

aa21a5ad63d505319c1ebd719d814d30_JaffaCakes118
.exe windows:1 windows x86 arch:x86

88bd57adc1fbecd5bf03be6dec4cfbc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DAD_DragMove
DAD_DragLeave
DAD_ShowDragImage
DragQueryPoint
FindExecutableA

comdlg32

dwOKSubclass
dwLBSubclass
Ssync_ANSI_UNICODE_Struct_For_WOW
GetOpenFileNameA

advapi32

AddAccessDeniedAce
AddAce
BuildTrusteeWithSidA
ChangeServiceConfig2A
CloseEventLog

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE