ebde9eeeb956e16ae7c0837a4052ddec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebde9eeeb956e16ae7c0837a4052ddec_JaffaCakes118
Size

359KB
MD5

ebde9eeeb956e16ae7c0837a4052ddec
SHA1

9b05719a9b67e77faabcbd35baf1855028e46f2b
SHA256

b909eb3d036efb52f008a271dc292bfc8018a4daca2d5b299b7ab84c2046dc3c
SHA512

131825924c220eb3f59e4383ad6d979736565bfb48679a3c677b9a71c15cf9b6fa2b67def6bebe3a4bc5f86358cc88169c0202976161a838b269f6592b7573c4
SSDEEP

6144:dV7kSdZBiEQXLhOv7G6BqYrlJAFBxCAPd5PMn+uIY8+YT6p0fKX:fDQbhOvi0AFBNPzPMn+ujYw0C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebde9eeeb956e16ae7c0837a4052ddec_JaffaCakes118

Files

ebde9eeeb956e16ae7c0837a4052ddec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f3ebf32e2b8f5aea1251df8c6be5648

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
ExitProcess
GetPrivateProfileStringW
GetModuleHandleA
GetStartupInfoA
GetDriveTypeA
SetEvent
DeleteCriticalSection
HeapDestroy
HeapSize
VirtualProtect
GetTempPathA
ResumeThread
CreateHardLinkA
DeleteTimerQueue
IsValidCodePage
GetLastError
lstrcmpiA
CloseHandle
GetTickCount
AddAtomA

advapi32

RegEnumValueA
CloseEventLog
LsaFreeMemory
GetSecurityInfo
LsaClose
LsaSetSecret
IsWellKnownSid
GetFileSecurityA
RegCreateKeyExA
CloseEventLog
IsValidSid
AccessCheck
RegCloseKey
OpenEventLogA
RegQueryValueExA
RegEnumKeyExA
RegLoadKeyA
CloseTrace

apphelp

ApphelpShowDialog
ApphelpCheckIME
SdbFindFirstTag
SdbFindNextTag
SdbFreeFlagInfo

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ