Static task: static1
Behavioral task: behavioral1
Sample: 0cc1b115aea76b3a0051add3db974814_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 0cc1b115aea76b3a0051add3db974814_JaffaCakes118
Size: 816KB
MD5: 0cc1b115aea76b3a0051add3db974814
SHA1: 610d23e65c65efdddee4e8386763c5ac6cd232b6
SHA256: 7a20b9067242d4780543de13e402512afd05ec70ce11d226966a46c7ac27c341
SHA512: daa898ac46c3110fe9580bc11fe7074e7e3637ff125284005e5b05e7b1ada6b6f4b702bafa27271a51c060d13a780f17fcad7ef734799f3b00042e68e76db0a3
SSDEEP: 24576:l2fsyiBodn756gf/VOdifZUkmUjw0HBueZUMe:A7T7NftePUBB3U3
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 0cc1b115aea76b3a0051add3db974814_JaffaCakes118
Files
0cc1b115aea76b3a0051add3db974814_JaffaCakes118.exe windows:4 windows x86 arch:x86
12f37069cc35846244dcad836f614e7d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileW
lstrlenW
GetCurrentThreadId
SetThreadPriority
ReleaseMutex
GetFullPathNameW
WriteConsoleW
Beep
VirtualQuery
FormatMessageA
Beep
GetModuleFileNameW
TlsSetValue
Beep
Beep
Beep
GetPrivateProfileIntA
VirtualProtect
SetCurrentDirectoryW
SetLocaleInfoA
TlsGetValue
Beep
Beep
Beep
GetCommandLineA
Beep
lstrcatA
GetModuleHandleA
Beep
catsrvut
StartMTSTOCOM
RegDBBackup
RegDBRestore
CGMIsAdministrator
Sections
.TEXT Size: 15KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_WRITE
.vdata Size: 797KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.jdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ