fdf71f77328cd591f9bc1aaa4f4e797c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdf71f77328cd591f9bc1aaa4f4e797c_JaffaCakes118
Size

208KB
MD5

fdf71f77328cd591f9bc1aaa4f4e797c
SHA1

d774d6e9281068f3c3d98656dfef32292e3529aa
SHA256

a1a2ba2be1d88c9d06760ddf5eecbd772f8851cb40fb154ad901d1e1a5e07a50
SHA512

6bb6b2a0a57bb2ec5c84087c6f637f50d72c8cb802e5f8e95447dcb99d2d96661f22871384cc6bafca540aae242ff521f8dd6cceeb5d24c62798e13de0193845
SSDEEP

6144:SKDdqP67VbNm8Qu9t8mYcMZG1vNNL10JpAsEsCqg1jgxiL:Bdqwmvn/cME1VNeJFg1sxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdf71f77328cd591f9bc1aaa4f4e797c_JaffaCakes118

Files

fdf71f77328cd591f9bc1aaa4f4e797c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9c28e36a60952478da2fd4cf08024a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegQueryInfoKeyW
ReportEventW
ChangeServiceConfigW
CheckTokenMembership
RegEnumKeyExW

ntdll

NtQueryValueKey
NtQuerySection
NtSetDefaultLocale
ZwQueryInformationToken
NtOpenSection

kernel32

SetProcessAffinityMask
InitializeCriticalSectionAndSpinCount
CreateFileA
HeapFree
Sleep
FindFirstFileW
CloseHandle
VirtualAlloc
InterlockedIncrement
LocalFree
MapViewOfFile
DisableThreadLibraryCalls
FindClose
GetCurrentProcess
LeaveCriticalSection
WideCharToMultiByte
ReleaseMutex
TlsAlloc
InterlockedDecrement
OpenFileMappingW
SetEnvironmentVariableW
GetSystemTimeAsFileTime

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ