b4a464d729adbab1ea0504813d374cfb_JaffaCakes118 | Triage

Sharing

General

Target

b4a464d729adbab1ea0504813d374cfb_JaffaCakes118
Size

759KB
MD5

b4a464d729adbab1ea0504813d374cfb
SHA1

f7786eb4a39916e0f1eb1f0ec3fa7147288fdaec
SHA256

95404b05b9b00734ac8e025a4573cd9fd2d9b0d6052041cdeb2d1c1199446854
SHA512

cfa3a68fea6e355ebdac9820f12e2791e0ed254dc5292a0fd5eb198429cf3268440d079f9893def906624aa9a28fcb1c14a993d2bdace0ad226e03726045694d
SSDEEP

12288:iiaVBe8MJDEOoGPab3AsN0bsfXxd/rLnHSCmvP3Ai2MRALhKsQp9sq2Zkod49c7c:kBe9QOonb3gsffLHSCoPQkRALhqidO8c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4a464d729adbab1ea0504813d374cfb_JaffaCakes118

Files

b4a464d729adbab1ea0504813d374cfb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7891c2dbc185f5caadbe77129f877545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
HeapSize
GetLastError
HeapDestroy
ReleaseMutex
GetStartupInfoA
ResumeThread
SetEvent
GetPrivateProfileStringW
GetDriveTypeA
DeleteCriticalSection
ExitProcess
lstrcmpiA
DeleteTimerQueue
GetTickCount
GetTempPathA
CloseHandle
IsValidCodePage
CreateHardLinkA
AddAtomA
GetModuleHandleA

advapi32

AccessCheck
OpenEventLogA
CloseEventLog
RegCloseKey
RegLoadKeyA
RegEnumValueA
LsaClose
FreeSid
LsaSetSecret
LsaFreeMemory
RegCreateKeyExA
GetSecurityInfo
CloseTrace
RegEnumKeyExA
IsWellKnownSid
IsValidSid
GetFileSecurityA
RegQueryValueExA

urlmon

CoInternetCompareUrl
CopyBindInfo
CoInternetParseUrl
CoInternetGetSession
CoInstall

perfos

CloseOSObject

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE