aaa47edc41396928ca7a0762ee5da995_JaffaCakes118 | Triage

Sharing

General

Target

aaa47edc41396928ca7a0762ee5da995_JaffaCakes118
Size

744KB
MD5

aaa47edc41396928ca7a0762ee5da995
SHA1

055a431d702ff9a2e0e6fdaa7c55db16b01fdb2b
SHA256

5980c9f95084a8feb9110c6a1546b6b76ed6cce84270838de55923cfad56d40d
SHA512

2d4d0ccf9b41d2d932036275efe085fcee4270d5f74fb487484a647c53ec6d42c5d91406c16454323ce7ec2448933c0b2ee7e6a7d452d93b3ac8334650f783e6
SSDEEP

12288:hCLUr5CUDl6zg4HfCVtbzcwxq0BD81Tk9rMSzHb/oCZiYf8sadplxVFcD+yjPMHs:4UNhl6zgAKcQbBDKarMSzHBiPsa5xfSt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa47edc41396928ca7a0762ee5da995_JaffaCakes118

Files

aaa47edc41396928ca7a0762ee5da995_JaffaCakes118
.exe windows:4 windows x86 arch:x86

407d3e7d3f77346dded4bc49979e862b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
VirtualProtect
GetConsoleWindow
HeapSize
CreateHardLinkA
GetModuleHandleA
ResumeThread
GetDriveTypeA
CloseHandle
ExitProcess
ReleaseMutex
SetEvent
GetTickCount
DeleteTimerQueue
HeapDestroy
lstrcmpiA
GetStartupInfoA
GetLastError
IsValidCodePage
DeleteCriticalSection
GetTempPathA

advapi32

LsaFreeMemory
GetFileSecurityA
RegCloseKey
IsValidSid
IsValidAcl
AccessCheck
GetSecurityInfo
ReportEventA
CloseTrace
IsWellKnownSid
RegQueryValueExA
CloseEventLog
RegEnumKeyExA
RegEnumValueA
RegLoadKeyA
LsaSetSecret
FreeSid
LsaClose
OpenEventLogA
RegCreateKeyExA

wininet

DetectAutoProxyUrl
FindCloseUrlCache
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheEntryA

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ