b50b5b8365a0435eb76409dda26cf655_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b50b5b8365a0435eb76409dda26cf655_JaffaCakes118
Size

40KB
MD5

b50b5b8365a0435eb76409dda26cf655
SHA1

161071fcc5d2e297d4d6263bc8d69114d3f3357f
SHA256

15ca088fd8a0a51d066fc5d75b3174a7e888c4c0140b556ab61e91a9beecf8b3
SHA512

333173d3c136f04a4e6185c4877c96f1a4b12feced96ecd82b0a5911f2b6a27f756b954bddfcd853552dd5605c53f8182e2be3ee6fdcd5f1174e6c33f601f4d5
SSDEEP

768:+dXBiZ+zjPsLCqbMUkoWwDIBP/m0f4gy7x7JJN2ik1sSHqHZY61J33q:OxiAPPs9woWeIh/t4pJhkuHpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b50b5b8365a0435eb76409dda26cf655_JaffaCakes118

Files

b50b5b8365a0435eb76409dda26cf655_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b859e3ee6bebeb0d60853c336f50e5fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateIoCompletionPort
EndUpdateResourceA
ExitProcess
GetPrivateProfileStringW
GetPrivateProfileStructW
GetUserDefaultLangID
PrepareTape
SetSystemTimeAdjustment
Sleep
VirtualFree
WritePrivateProfileSectionA
WritePrivateProfileSectionW
_lwrite
lstrcmp

advapi32

AllocateAndInitializeSid
BuildImpersonateTrusteeW
ControlService
ConvertAccessToSecurityDescriptorW
CreateProcessAsUserW
CryptAcquireContextA
DeleteService
DestroyPrivateObjectSecurity
GetAuditedPermissionsFromAclA
GetOverlappedAccessResults
InitiateSystemShutdownW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmA
OpenSCManagerW
OpenThreadToken
QueryServiceConfigW
RegEnumKeyW
RegFlushKey

user32

CallMsgFilter
CharLowerW
CreateDesktopA
DdeDisconnectList
DrawTextA
EnumChildWindows
EnumDisplaySettingsExW
GetClipboardData
GetMenuItemInfoA
GetMessageTime
GetMonitorInfoA
GetWindowContextHelpId
RegisterClassExW
RegisterTasklist
SetCaretPos
SetSystemCursor
SetWindowPlacement

Sections

.text
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE