Static task: static1
Behavioral task: behavioral1
Sample: c26f1ff6224c95426a22cf49ae59379a_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: c26f1ff6224c95426a22cf49ae59379a_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: c26f1ff6224c95426a22cf49ae59379a_JaffaCakes118
Size: 48KB
MD5: c26f1ff6224c95426a22cf49ae59379a
SHA1: 12ebc6c5919d0ea1dd212d3e4573b24b64139191
SHA256: 64d26e2e2fb38ebfe4846911244cee597ecc2c7b440c4d0d3bf797bcbc767fb0
SHA512: 8f0ed7c5a27d3eacb70676db9d40fe704e2df8eb2604e8fb0441293ba0beaf1b992bdd1622e023bbc2ee556c3584d1e5f46a516a68836f15c1c496750478d7a9
SSDEEP: 1536:9XZ6casCGDFIYa988DwGvJ7a988DwGvJ:9XzxFa5/vJ7a5/vJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c26f1ff6224c95426a22cf49ae59379a_JaffaCakes118
Files
c26f1ff6224c95426a22cf49ae59379a_JaffaCakes118.dll windows:4 windows x86 arch:x86
ca6769ed9d55efda76b4ebb58503c894
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteFile
CreateFileA
DeleteFileA
GetFileAttributesA
GetSystemTime
GetSystemDirectoryA
FindClose
CloseHandle
lstrcmpA
FindFirstFileA
GetStringTypeExA
GetThreadLocale
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
WideCharToMultiByte
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetVersionExA
lstrlenA
HeapFree
GetProcessHeap
FindNextFileA
HeapAlloc
advapi32
LsaAddAccountRights
LsaClose
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateWellKnownSid
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
CloseServiceHandle
LsaOpenPolicy
user32
LoadStringW
LoadStringA
CharLowerA
wvsprintfA
CharNextA
Sections
.data Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 594B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ