b0b16b1d76ef68b391f9761d5e12ecd3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0b16b1d76ef68b391f9761d5e12ecd3_JaffaCakes118
Size

20KB
MD5

b0b16b1d76ef68b391f9761d5e12ecd3
SHA1

ac92b0823f194823b03b78858d1d3124eaa65d4d
SHA256

c44216be625a678baac5113ca285e58ebd474e507c67386d59984702d9ea90e9
SHA512

a1dd126aa4673d18fe0cafe7cc220cc74846327b7654038e357f82071572f10fb2dcc7506596090f8164cd004564d50c18f0c0c4f79dea677297c7f5c19a2a5e
SSDEEP

384:ziXc+aKPJisQ7zISkL3JnUbcMwUJ2cBqg+VNoF+VadUbN+wD:ziXRnPssQ/IHL3vMTgAiNw+Vai+wD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0b16b1d76ef68b391f9761d5e12ecd3_JaffaCakes118

Files

b0b16b1d76ef68b391f9761d5e12ecd3_JaffaCakes118
.exe windows:1 windows x86 arch:x86

3609cca6c689bcdc152481852ce0c018

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenBackupEventLogA
DeleteAce
GetNumberOfEventLogRecords
GetEffectiveRightsFromAclA
LsaOpenPolicy
CryptEncrypt

comctl32

ImageList_DrawEx
FlatSB_ShowScrollBar
CreatePropertySheetPageW
ImageList_Merge
ImageList_Add
FlatSB_GetScrollRange

ole32

CoSetProxyBlanket
CoBuildVersion
CoInstall
CoSetState
UtGetDvtd32Info
GetRunningObjectTable
MkParseDisplayName
CoGetInstanceFromIStorage

shlwapi

SHDeleteKeyA
StrCmpIW
SHDeleteOrphanKeyW
ChrCmpIW
UrlCombineA
StrTrimA
StrStrA
SHRegQueryInfoUSKeyW

oleaut32

RegisterActiveObject
VarCyInt
VarUI4FromDisp
LPSAFEARRAY_UserMarshal
OaBuildVersion
VarCyFromDisp
VarR4FromUI2
OleIconToCursor

ntdll

NtFlushKey
NtAllocateUserPhysicalPages
log
RtlFirstFreeAce
ZwImpersonateAnonymousToken
NtQueryInformationPort
RtlSetOwnerSecurityDescriptor
ZwResumeThread

Sections

.text
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ