bce234dbc79d03c56692c6d5c822b5c0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bce234dbc79d03c56692c6d5c822b5c0_JaffaCakes118
Size

83KB
MD5

bce234dbc79d03c56692c6d5c822b5c0
SHA1

43cdac7526270762381c24cee0af3dc332347868
SHA256

e2f95226c8d499e38791ea112691a3b48967c5069733f04c7be781b688c8766e
SHA512

a43ff67902006439ad016dca61b165ffcbaa239e634ce00554dd28a05778abebae547b8eff1464df741d606946540dfd17c290119ab024919ff7a9d47f65a705
SSDEEP

1536:Cmy6lVabMD2HP1O8znrrrNaEBJCbxXIlPgC:Fb4bMe1/zpawwgn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bce234dbc79d03c56692c6d5c822b5c0_JaffaCakes118

Files

bce234dbc79d03c56692c6d5c822b5c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06c6ad40415e952509b9378c7f4f6d44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
FindVolumeClose
GetStartupInfoA
lstrlenA
GetLastError
FindClose
VirtualProtect
SetEvent
GetModuleHandleA
DeleteCriticalSection
TlsGetValue
CreateThread
FindAtomA
FindResourceExA
SearchPathA
CloseHandle
ReleaseMutex
GetCalendarInfoA
GetTickCount
Sleep

advapi32

AccessCheck
CloseEventLog
RegCloseKey
LsaClose
IsValidSid
RegCreateKeyExA
OpenEventLogA
LsaSetSecret
GetFileSecurityA
RegLoadKeyA
RegEnumKeyExA
FreeSid
LsaFreeMemory
CloseTrace
RegCloseKey

msdtcuiu

DtcPerfClose
DtcPerfCollect
DtcPerfOpen
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ