abcbdc92254e6a1169956e5631b46294_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abcbdc92254e6a1169956e5631b46294_JaffaCakes118
Size

145KB
MD5

abcbdc92254e6a1169956e5631b46294
SHA1

9c13767079f2113dcb57e2c2d90da56b32c27bc7
SHA256

5971c9dd234ecd9b662f2b5cbfa38d9002ae4d7426777a697f2489c5992dc168
SHA512

d1d07833e71a3cd33766ab07e1d837f435d497be64d480f296299b981cdbd8630233b17acb4d661e9628fd4e51a0b33a3cfd8459542d93954c741a1f75dd9128
SSDEEP

3072:0KMiM81NQoZBojpfhQ1nxrnRVJ6szCLwD7cj9Wfexcu9b2kfx:W21VBoFfCtv6XLwMQfeZ9akfx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abcbdc92254e6a1169956e5631b46294_JaffaCakes118

Files

abcbdc92254e6a1169956e5631b46294_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6474e307608055a29333858fd4879d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId

ntdll

NtAllocateVirtualMemory

netshell

NcFreeNetconProperties

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

msvcrt

wcslen
wcscat
wcscpy
wcstoul

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
StringFromGUID2

samlib

SamAddMemberToAlias

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ