c1a759bf74160e034df988993cb0e5ee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1a759bf74160e034df988993cb0e5ee_JaffaCakes118
Size

800KB
MD5

c1a759bf74160e034df988993cb0e5ee
SHA1

5757a95891a23c4069ac349edc2fadc5f49767c2
SHA256

4429a538f086d825ca8200ff9e210d81acbccf27dcd46cd961a10306def8b491
SHA512

4ed87a128c49158d827fb26141790b834d6ece34b257fed3f26a0758f583951087c21dcaa40fffdaa9b4d5326be85d43e3fec749f79e4fb42ae6586323b23445
SSDEEP

12288:eudD9sF47joSewX8p+EYXeMpUZmYKTbkP5B2JcOBKvlTXDehkH3yNZ1EjbDl:xD9A4HoPMxCx0YK3A2JrBET8WiH1Ep

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1a759bf74160e034df988993cb0e5ee_JaffaCakes118

Files

c1a759bf74160e034df988993cb0e5ee_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7bdb1718ea39e0f3d205275108890372

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapDestroy
GetDriveTypeA
VirtualProtectEx
ResumeThread
GetPrivateProfileIntW
DeviceIoControl
DeleteFileA
LoadLibraryW
GetPrivateProfileSectionA
SetLastError
GetFileAttributesW
GetProcessHeap
CreateEventW
DeviceIoControl
GetStringTypeW
CreateMutexW
GetCurrentThread
HeapFree
TlsGetValue
lstrlenA
ClearCommBreak

clbcatq

ComPlusMigrate
SetupOpen
CheckMemoryGates
SetupOpen
SetSetupSave
CheckMemoryGates
ComPlusMigrate
ComPlusMigrate
DllGetClassObject
DllGetClassObject
CheckMemoryGates
SetupOpen
SetSetupSave

pdh

PdhCloseLog
PdhAddCounterA
PdhGetLogFileSize
PdhGetLogFileTypeA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ