bd13b823f50309c1bac4be16bbb16110_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd13b823f50309c1bac4be16bbb16110_JaffaCakes118
Size

11KB
MD5

bd13b823f50309c1bac4be16bbb16110
SHA1

318d7bc76461b3ed3927cc8696a5041fd7b1c0a5
SHA256

6fdd5fa8f321e01f6c9ec72bc47a0b74b8159dd7b87355391df17aaf42f7b75b
SHA512

1aa9d69a78df88e9cb3da14f9a7d9bfc74cd3ee776f06a516a10cf968941f9fd3927a7a8568fd3d8f23123872cfb8c7cc5ed5bdc4fe418175cc7a17336ef1926
SSDEEP

192:6/RqD564+9yJOqzV+bwXwswnpAqyZGVNeT:T5ZOqBfXzwnbhVNe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd13b823f50309c1bac4be16bbb16110_JaffaCakes118

Files

bd13b823f50309c1bac4be16bbb16110_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24491e06b3db9d3f7b54f89254999f8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
FindClose
SetLastError
GetLogicalDrives
Heap32First
CloseHandle
GetDiskFreeSpaceExA
ResetEvent
IsBadStringPtrA
CancelIo
GetModuleHandleA
GetLastError
EnumResourceTypesW
FreeConsole
SetLocalTime
LocalFree
VirtualProtect
TlsGetValue
IsBadReadPtr
GetCommandLineA

advapi32

RegQueryValueA
LsaFreeMemory
RegEnumValueA
RegEnumKeyExA
GetFileSecurityW
RegCreateKeyExA
RegDeleteKeyA
CloseEventLog
GetLengthSid
IsTokenUntrusted
LsaClose
RegCloseKey
FreeSid
RegCloseKey

hnetcfg

DllRegisterServer
HNetGetSharingServicesPage
HNetDeleteRasConnection
HNetFreeSharingServicesPage
DllGetClassObject

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ