f6cd44fc771d08a441a62c0d6976bdcf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6cd44fc771d08a441a62c0d6976bdcf_JaffaCakes118
Size

822KB
MD5

f6cd44fc771d08a441a62c0d6976bdcf
SHA1

1103556b1cfe528c39e044de8d7fe1769e55cb22
SHA256

736193904ef4dafc45e7c345550f063ecad9a9138ad1b764ed9051146cf9aaf7
SHA512

28964b3c9c66714894e9630ed23b2ef58bab06e19adab8f161ad1e5136d5095d1c91546a5182627eb3baa49fa50b88d52640ecd085197d1fa523324291dd897d
SSDEEP

24576:4BnERYpZREdAxrU1cA/BzRonjvWL7B4ah109KAU2Xd:4BEOZRkYro39Robo4ahO9A2Xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6cd44fc771d08a441a62c0d6976bdcf_JaffaCakes118

Files

f6cd44fc771d08a441a62c0d6976bdcf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02adec5615fe551641492cbc05c7a92a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
CreateEventA
GetStdHandle
ResetEvent
WriteFile
GlobalSize
FindVolumeClose
GetCommandLineA
GetEnvironmentVariableW
GetExitCodeProcess
InterlockedExchange
VirtualAlloc
GetModuleHandleW
lstrlenA
LocalFree
ResumeThread
CreateMutexA
CloseHandle
GetACP
GetPrivateProfileIntW

advapi32

RegQueryValueA
RegDeleteValueA
IsValidAcl
LsaClose
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
ClearEventLogA
RegCloseKey
CreateServiceA
IsValidSid
ControlService
IsTextUnicode

avicap32

videoThunk32
videoThunk32
AppCleanup
videoThunk32
videoThunk32

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ