Static task: static1
Behavioral task: behavioral1
Sample: da293fbfe127cef0a67607e4113e2276_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: da293fbfe127cef0a67607e4113e2276_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: da293fbfe127cef0a67607e4113e2276_JaffaCakes118
Size: 191KB
MD5: da293fbfe127cef0a67607e4113e2276
SHA1: 38ec2a9b15825f6037fa1f640f41aedacc0da89e
SHA256: 2751ffc40e29cde0dc8ff2c99bf40ebd191011215be95539d8cb3dcdd38483be
SHA512: 12d60a2c9051c626efe0c24c97508786afdb6f9f6907721d1bc386f98ee1bbd3d3977b05f381115df98c7c0814bf5be5ce9bc53a3d9360a30f9c08c0f207e6eb
SSDEEP: 3072:y04gFmx6HgZ6mBsN7foc2GOfAD5In+Y8CQdwvj8C9jtq3Sm3j5n8s2x3Ws0L3amh:ogFmx6Hmcwc2G/9UHtBjg3SOjYWj2aK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource da293fbfe127cef0a67607e4113e2276_JaffaCakes118
Files
da293fbfe127cef0a67607e4113e2276_JaffaCakes118.exe windows:5 windows x86 arch:x86
e1c67943114a3e1b74c486e523736ba7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
StartTraceW
StartServiceW
RegSetValueExW
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteValueW
LookupAccountSidW
GetTraceEnableFlags
ntdll
NtQueryInformationProcess
NtTerminateThread
ZwOpenEvent
RtlCreateTimer
NtWriteFile
kernel32
FormatMessageW
GetCurrentProcessId
Sleep
SetThreadAffinityMask
GetCurrentThread
FindNextFileW
CreateFileA
OpenEventW
SetLastError
VirtualAllocEx
GetModuleFileNameW
HeapCreate
ReadFile
InterlockedDecrement
CloseHandle
GetQueuedCompletionStatus
InterlockedIncrement
DeleteTimerQueueTimer
Sections
.text Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ