d352cd261abf750135918461d9f6b358_JaffaCakes118 | Triage

Sharing

General

Target

d352cd261abf750135918461d9f6b358_JaffaCakes118
Size

325KB
MD5

d352cd261abf750135918461d9f6b358
SHA1

a6d94dc33cf227bd46dc484897c00a336b7b94cc
SHA256

2c59c1209651831a3b2d29c1eb7348b8a2ceb7acd0f07c990b6045161b7f7d8b
SHA512

bde41a0205fd003cab20fb139addb9582b373ba30da977fdf6850ed67f6f874592c5188116d7f1fbac42fd4f97a28de264e4f276294c8ee6e30c7c23b077ceef
SSDEEP

6144:jb2K6pei6FPeuUjy9Bu9Av/uW4u+AoXoQ+31bA+GWLdJxbmRZq9O:Zwj6F2fC6A8AoX7M5A+GW5bmRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d352cd261abf750135918461d9f6b358_JaffaCakes118

Files

d352cd261abf750135918461d9f6b358_JaffaCakes118
.exe windows:4 windows x86 arch:x86

422fcf15deedaec923636a7fd6c69ef2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
CloseHandle
DeleteCriticalSection
VirtualProtect
AddAtomA
GetModuleHandleA
ExitProcess
GetPrivateProfileStringA
lstrcmpiA
GetTickCount
ResumeThread
GetDriveTypeA
IsValidCodePage
GetStartupInfoA
SetEvent
ReleaseMutex
HeapSize
HeapDestroy
CreateHardLinkA
DeleteTimerQueue
GetLastError

advapi32

IsValidSid
RegEnumKeyExA
GetSecurityInfo
RegCloseKey
RegEnumValueA
LsaSetSecret
RegCreateKeyExA
RegQueryValueExA
RegLoadKeyA
AccessCheck
GetFileSecurityA
IsWellKnownSid
OpenEventLogA
LsaFreeMemory
CloseTrace
CloseEventLog
LsaClose
FreeSid

apphelp

ApphelpShowDialog
SdbFindFirstTag
SdbFindNextTag
ApphelpCheckIME
SdbFreeFlagInfo

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ