ead5825dcb834f3991d1a8fb40493128_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ead5825dcb834f3991d1a8fb40493128_JaffaCakes118
Size

744KB
MD5

ead5825dcb834f3991d1a8fb40493128
SHA1

a967e6027c48e14e73f5daf805bcb8102aa95e7a
SHA256

bdaf7eac17d46ce7c9534098642f2dc02833b71da0ce949a895d460c51365f1a
SHA512

b3c0862cd8f7c472f1e8b0f67daa42bc5d0746f6165ceea8106a8f338a9f1a50c6e598ca09bf9c9989081889090b138b064a6648b0854896a2eaa51923d7231e
SSDEEP

12288:rvSIU9kNluUFsCcP9X6aGzItloYJK9D+fMzFm4sW5yd2FnsMvjNNP1QE:rvxNl7c4P2uYJKAEJmn4HnsmzP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ead5825dcb834f3991d1a8fb40493128_JaffaCakes118

Files

ead5825dcb834f3991d1a8fb40493128_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd629e039e215f9e7100040028e5c50c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
SetConsoleTitleA
SetConsoleMode
SetEvent
CloseHandle
HeapDestroy
OpenSemaphoreA
VirtualProtect
GetLogicalDrives
GlobalLock
CreateMutexA
SetConsoleIcon
GetTickCount
GetModuleHandleA
InterlockedExchange
LoadLibraryA
ReleaseMutex
FindVolumeClose
GetLastError
UnmapViewOfFile
ExitProcess

advapi32

ReportEventA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegLoadKeyA
CloseTrace
GetUserNameA
RegCreateKeyExA
LsaClose
IsValidAcl
LsaFreeMemory
IsValidSid
CredReadA
CopySid
GetFileSecurityA
GetAce
IsTextUnicode
CloseEventLog
EqualSid
OpenTraceA
RegQueryValueExA
RegSaveKeyA
GetLengthSid
OpenEventLogA
FreeSid
RegFlushKey
CloseServiceHandle
CredFree
RegEnumValueA

uxtheme

CloseThemeData
GetThemeBool
GetThemeColor
GetThemeFont
GetThemeInt

devmgr

DevicePropertiesA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ