cde111e07df24df54cc46a3f51906c89_JaffaCakes118 | Triage

Sharing

General

Target

cde111e07df24df54cc46a3f51906c89_JaffaCakes118
Size

73KB
MD5

cde111e07df24df54cc46a3f51906c89
SHA1

4cd758ba0276af7318db9fe2f37c317deb0f5736
SHA256

a47b1906c59ef5db5ada77c97d5763cf52132e2316b6b95ba9cc2cbfc7e15074
SHA512

551101317ca7b2ab5166731d3c5a1f567b928aef4f5d1cb405b9c175904a18c0afbbd77cd031454dbc76ad1c14d746d1ba47ac1e8edf344a49f965378fab5ab0
SSDEEP

1536:eAsLbind8uGZsvDpFFElCb2d57TBBavjmrxmmAcv6MOSuIrvoYAkkjdR:eNLod8uGZoDpDEsb2d5nmvuoRSlrvoYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cde111e07df24df54cc46a3f51906c89_JaffaCakes118

Files

cde111e07df24df54cc46a3f51906c89_JaffaCakes118
.exe windows:5 windows x86 arch:x86

43da9ead81fb4ea4c1b612ef2c1000e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
_scprintf
_initterm
free

kernel32

GetTickCount
GetEnvironmentStringsW
CloseHandle
GetModuleHandleW
CreateFileW
VirtualAlloc
GetStartupInfoW
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentProcessId
lstrcmpA
GetFileTime
ExitProcess
LoadLibraryA
GetACP
FreeEnvironmentStringsW
GetCurrentProcess
GetSystemTimeAsFileTime
IsDebuggerPresent
GetLastError
GetStartupInfoA
GetProcAddress

advapi32

RegSetValueExW
RegOpenKeyA
RegSetValueW
RegDeleteValueW
FreeSid
QueryServiceStatus
RegQueryValueExA
RegSetValueExA
RegQueryValueA
RegQueryValueW
RegCreateKeyExW
RegEnumKeyExA
AllocateAndInitializeSid
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyA
RegCreateKeyExA

kbdfr

KbdLayerDescriptor

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ