06538853e866a5cd6d64300b5ab628c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06538853e866a5cd6d64300b5ab628c4_JaffaCakes118
Size

304KB
MD5

06538853e866a5cd6d64300b5ab628c4
SHA1

c8e43cee236f8e257d6d2206270863dec791bd55
SHA256

bde80eb9929c608821e818cfa22ee2940a673b332afe354373cdcf8fc2bcf872
SHA512

66d5546a875c774ceb904b19e48f8a6cbb157e1715f4ba39129eaa85a1221420f7ad94a1918eecd1b188433053a8cd08c3a91358a4f824a316513337ba1c9925
SSDEEP

6144:SqA/DS4g0WrYVKhSLvg8t/CME8VSW8aL6wpd5G:voSjSLv9vED9x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06538853e866a5cd6d64300b5ab628c4_JaffaCakes118

Files

06538853e866a5cd6d64300b5ab628c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf1927533634298a9150244b565c59ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
LocalFree
GetEnvironmentVariableW
lstrlenA
GetCommandLineA
CloseHandle
FindVolumeClose
GetStdHandle
GetExitCodeProcess
ResetEvent
VirtualAlloc
WriteFile
CreateEventA
GetPrivateProfileIntW
CreateMutexA
GlobalFree
ResumeThread
InterlockedExchange
GetACP
GetModuleHandleW

advapi32

RegEnumKeyW
IsTextUnicode
IsValidAcl
ClearEventLogA
RegCreateKeyExW
ControlService
IsValidSid
RegQueryValueW
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
CloseEventLog
CreateServiceA

amstream

DllRegisterServer
DllRegisterServer
DllGetClassObject
DllRegisterServer
DllRegisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ