ab402946d0a469cd782806c084ff5fb7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab402946d0a469cd782806c084ff5fb7_JaffaCakes118
Size

74KB
MD5

ab402946d0a469cd782806c084ff5fb7
SHA1

c43a2e0ccb8717a60405bd0581fc026a75604908
SHA256

e67917f022f33793976a0e91f7a537f785a6bb40c8ec3150b9abea86e81ac881
SHA512

f1db10f66a67b64bc6273d6379c692dab7bb2b3497f1ac0f683e1d4095b1690cc44031660f0ee2d41e76c67dbc76c2395843f5e36dca8ea966dd6de508ca1be1
SSDEEP

1536:sjvBEx73mlW7S86Vdriv0G6XYwhVjLXWTxmXMq7/PklqP:sjv+3Z967xqwj/XWTxmXrY8P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab402946d0a469cd782806c084ff5fb7_JaffaCakes118

Files

ab402946d0a469cd782806c084ff5fb7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

98b1ed969886aeed527d2862ed0723ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
GetModuleFileNameA
LoadLibraryW
GetCurrentThread
GetEnvironmentVariableA
CreateFileW
FileTimeToSystemTime
ReadProcessMemory
GetModuleHandleA
OpenMutexW
VirtualAlloc
GetEnvironmentVariableW
SetLocalTime
GetTempPathA

untfs

Recover
Format
Extend
FormatEx
Chkdsk

advapi32

CreateServiceW
RegEnumKeyA
RegLoadKeyA
CryptSignHashW
ControlService
RegOpenKeyA
LogonUserA
RegDeleteValueW
RegCreateKeyExA
OpenEventLogA
StartServiceW
RegRestoreKeyW
RegUnLoadKeyW
RegReplaceKeyW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.loop
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_MEM_WRITE