ed84951d1eb267601da8d387c2a04234_JaffaCakes118 | Triage

Sharing

General

Target

ed84951d1eb267601da8d387c2a04234_JaffaCakes118
Size

314KB
MD5

ed84951d1eb267601da8d387c2a04234
SHA1

caf96bf9e531c2f87496f8b1e6e92f23359558bd
SHA256

a89bbb28d4ae43982a06ee14c18103dcdb3121a86d6c064499ea89645cb1150e
SHA512

ee1bd51bdb449e9802ea483edba0a3d064c90c85b6d04b399ceea965dab3747964637fade487e970bfcc0bb98c6ada211abbb2941712168a13e6f3572a1aa475
SSDEEP

6144:2+jqTGmHW+yPYHvv0WRHFrqhqWF4YGMtpSXoG/A/Y8OBkWV6YTpO2fXmYigTmwpu:pqbyQHvv0WPuSmZGA+ZdO2fcgTmXX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed84951d1eb267601da8d387c2a04234_JaffaCakes118

Files

ed84951d1eb267601da8d387c2a04234_JaffaCakes118
.exe windows:4 windows x86 arch:x86

515f6eb82e5c6c86a3a00302fde66a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
LCMapStringW
LCMapStringA
DebugBreak
HeapReAlloc
GetStringTypeA
EnumSystemLanguageGroupsW
OutputDebugStringA
WriteConsoleW
GetStringTypeW
OutputDebugStringW
IsValidCodePage
CompareFileTime
GetLocaleInfoA
GetTimeZoneInformation
GetCPInfo

advapi32

LookupAccountSidA
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
PrivilegeCheck
AddAce
GetUserNameA
GetSecurityDescriptorLength
DuplicateTokenEx
QueryServiceStatus
IsValidSecurityDescriptor
RegOpenKeyExW

shlwapi

PathAddBackslashW

shell32

SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW

winmm

mciSendCommandA

oleacc

CreateStdAccessibleObject
CreateStdAccessibleProxyA

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ