deacf7e5da2f6aa4aea6430a594df3c4_JaffaCakes118 | Triage

Sharing

General

Target

deacf7e5da2f6aa4aea6430a594df3c4_JaffaCakes118
Size

334KB
MD5

deacf7e5da2f6aa4aea6430a594df3c4
SHA1

cf8442323e4d4e72c6b10a03b68b923885629db3
SHA256

4592c7c8edf49b66e860c8f90dfdcfc8ab980548d286af6f8118987459654f8b
SHA512

676cdcf4e58b929d4219d4ab1bb5f244c7c51d990982941677adca5db06c85c8c38fb20a1c680ce89a508527247d62e28071f5d0d560fb6c13514de2139ecc96
SSDEEP

6144:XBC9k3CkeX29Lzpnb7IH9jimmGVJjfurCm7kjZqa1RqSWhQ+2UPZu+BH:RC9SC7X21Bm9NmGVJLu/ojUkcSKQRUDH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deacf7e5da2f6aa4aea6430a594df3c4_JaffaCakes118

Files

deacf7e5da2f6aa4aea6430a594df3c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f448b5cfb725ebe78f8b366216ee8b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
ReleaseMutex
DeleteCriticalSection
GetModuleHandleA
HeapDestroy
GetLastError
TlsGetValue
AddAtomA
ExitProcess
CreateHardLinkA
ResumeThread
GetPrivateProfileStringW
GetDriveTypeA
lstrcmpiA
CloseHandle
VirtualProtect
GetTickCount
HeapSize
GetTempPathA
GetStartupInfoA
GetThreadLocale

advapi32

CloseEventLog
LsaFreeMemory
IsValidSid
AccessCheck
RegEnumKeyExA
LsaSetSecret
RegEnumValueA
CloseTrace
LsaClose
FreeSid
GetSecurityInfo
RegLoadKeyA
GetFileSecurityA
RegCloseKey
RegCreateKeyExA
OpenEventLogA

urlmon

CoInstall
CoInternetParseUrl
CopyBindInfo
CoInternetGetSession
CoInternetCompareUrl

perfos

CloseOSObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ