ee69deca0456b2a6cc52e9d3621f6149_JaffaCakes118 | Triage

Sharing

General

Target

ee69deca0456b2a6cc52e9d3621f6149_JaffaCakes118
Size

382KB
MD5

ee69deca0456b2a6cc52e9d3621f6149
SHA1

d65d66387464bc9fa192948c12bc87c669b9e71f
SHA256

4590a459b1a27893f71b7e9b6b30e2b340b08eb3598f7aaa3177e4e68791b16b
SHA512

d50443149aea5c297f00bc2df628b466b04b47a379c5b1e5ab41b6790be4c91c2bc9223ce7975556b1a1df4dd93839d5d802a86362d93133f65da2210bf2227f
SSDEEP

6144:4dvWQRMDrPanRgkr/TbWz6b+vzR1vED0sj+SBl4qA4/qylPzgNbwjZUE79rlnMqa:QvzRM/CRn/Tq2K7R100E++l4qh/qabGM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee69deca0456b2a6cc52e9d3621f6149_JaffaCakes118

Files

ee69deca0456b2a6cc52e9d3621f6149_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2e3e8016b3371b8a38bcfcd55f6173f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
ResetEvent
LocalFree
GetEnvironmentVariableW
GlobalFree
LoadLibraryW
CloseHandle
lstrlenA
GlobalFlags
IsBadStringPtrA
GetCurrentThreadId
SetEvent
GetLocalTime
ReleaseMutex
GetPrivateProfileIntA
GetDriveTypeA
WriteFile
VirtualAllocEx
GetCurrentProcessId
InterlockedExchange

advapi32

RegCloseKey
RegDeleteValueA
ControlService
RegCreateKeyExW
IsValidSecurityDescriptor
InitializeSid
ClearEventLogW
RegEnumKeyA
IsValidSid
CloseEventLog
RegQueryValueW
CreateServiceW
IsTextUnicode
InitializeSid

loghours

DialinHoursDialog
DialinHoursDialog
DialinHoursDialog
DialinHoursDialog
DialinHoursDialog

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ