052210ee203a0cf82be9d7b0fae377cb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

052210ee203a0cf82be9d7b0fae377cb_JaffaCakes118
Size

759KB
MD5

052210ee203a0cf82be9d7b0fae377cb
SHA1

9918989f0af69c65f2726df393b11e98c7d426ea
SHA256

c42fe4606f6d77d451de41bfee111ab35e144144a420dcb7f76f74c99fb60cee
SHA512

afcedfaf6e8cb4133fd04d1026c272ccf017fe8ad1868d3db597d8f0e36f8f6f5a4de5cb59412d72c6ec330b02c2b5d9ce89bb5fbbbcd22102c2c4893755f7d1
SSDEEP

12288:6yMJR/1mMlta0tokgEbuwzn5K9qMfmAqwlErZztwiFZF04LTNDD3pq61JSUtHoDy:5MJR/li0yEbuM09qAmv4E9lFZF04XN/3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
052210ee203a0cf82be9d7b0fae377cb_JaffaCakes118

Files

052210ee203a0cf82be9d7b0fae377cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d1158621104bf85c7821e04952fd37b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
EnumResourceTypesA
GetDriveTypeW
CloseHandle
GetCommandLineA
lstrlenA
GetModuleHandleA
GetFileAttributesA
GetEnvironmentVariableA
HeapDestroy
SetLastError
GetTimeFormatW
HeapCreate
VirtualQuery
CreateEventW
CloseHandle
GetCommandLineA
GlobalFlags
GetConsoleTitleA
TlsGetValue

advapi32

IsValidSid
IsValidSid
IsValidSid
CreateProcessAsUserA
RegEnumKeyA
IsValidSecurityDescriptor
InitializeSid
RegDeleteValueA
IsValidAcl
IsValidSid
IsValidSid
RegCreateKeyExW
RegQueryValueW

asycfilt

FilterCreateInstance
FilterCreateInstance
FilterCreateInstance
FilterCreateInstance

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ