c04678d0248e539150a400ffb5fd29de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c04678d0248e539150a400ffb5fd29de_JaffaCakes118
Size

822KB
MD5

c04678d0248e539150a400ffb5fd29de
SHA1

86923d3867f252888d4e7ece68d42788f8b574b9
SHA256

d242afa1a4e7bd4ef8fe582fcd8733e421255176fe621185ca39476e8cec89b2
SHA512

2a081775435ebc5c01f17f7a78a8418f0daac1ffcc574c17e85140ecef82a51ed2b3e9f3dcbadfbc7bd357d7c17d6f15e9f10bff75e7cef229e5c824d21da839
SSDEEP

24576:NRLPKYpZREdAxrU1cA/BzRonjvWL7B4ah109KAU2Xd:NRLPrZRkYro39Robo4ahO9A2Xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c04678d0248e539150a400ffb5fd29de_JaffaCakes118

Files

c04678d0248e539150a400ffb5fd29de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9f304608814efaa631a23a0a16d60bb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetModuleHandleW
WriteFile
ResumeThread
GetEnvironmentVariableW
LocalFree
GetPrivateProfileIntW
GlobalSize
GetCommandLineA
InterlockedExchange
GetExitCodeProcess
lstrlenA
CloseHandle
GetACP
CreateEventA
FindVolumeClose
VirtualAlloc
CreateMutexA
GlobalFree
ResetEvent

advapi32

LsaClose
IsTextUnicode
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueA
ClearEventLogA
RegEnumKeyA
CreateServiceA
ControlService
RegDeleteValueA
IsValidAcl
IsValidSid

mspatcha

GetFilePatchSignatureA
GetFilePatchSignatureA
ApplyPatchToFileA
GetFilePatchSignatureA
GetFilePatchSignatureA

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ