cee536bee50416a2604d692b79107c43_JaffaCakes118 | Triage

Sharing

General

Target

cee536bee50416a2604d692b79107c43_JaffaCakes118
Size

297KB
MD5

cee536bee50416a2604d692b79107c43
SHA1

2ac4e0118831552e5fa9c74941fb654cd0519a0e
SHA256

0a91de8984ce8eb1fa93dd80ed27153cffa2ae3b0169cca6c8c8254642a60354
SHA512

c4458b7a9f4f744cc3e3cb0c4d48abd7cfb3706668d4d9c88b202aff18353b04389ef6b369627cba664f48cfadae582fa82550adb853e4d8b88b03516ad4ca5a
SSDEEP

6144:32y1EfML7ZA/VDAD3GpoMaJ3zHfjjY0mIyykH9EZHS8:32SEfGFuVqua5jYvIidEJS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cee536bee50416a2604d692b79107c43_JaffaCakes118

Files

cee536bee50416a2604d692b79107c43_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0eaa4d3c82d45b4f075d9a3dd2ad3633

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
LocalFree
SetEvent
GetTickCount
CreateThread
SetLastError
GetDiskFreeSpaceW
GetExitCodeProcess
LoadLibraryW
HeapCreate
GetModuleHandleA
ResetEvent
GetSystemTime
SuspendThread
TlsGetValue
GetCommandLineW
GetComputerNameA
GetFileAttributesA
FindAtomA
CloseHandle

advapi32

RegQueryValueA
RegEnumKeyExA
GetFileSecurityA
CloseEventLog
RegEnumValueA
GetUserNameW
CredFree
GetLengthSid
RegCloseKey
CreateServiceW
RegDeleteKeyA
IsTokenRestricted
RegCreateKeyExA

cryptui

CryptUIDlgSelectStoreA
LocalEnroll
CryptUIDlgCertMgr
CryptUIDlgSelectCA
WizardFree

powercfg.cpl

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ