0e4618c1526284b2df4e9a81dac53ca9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e4618c1526284b2df4e9a81dac53ca9_JaffaCakes118
Size

404KB
MD5

0e4618c1526284b2df4e9a81dac53ca9
SHA1

f53a53d6e6f896608300dbefc01787e49cc469af
SHA256

c0a4da670602a8fe4a30ab5ef66fbf2a8cba55d03c6a0f3f3161a54be1e8312d
SHA512

1d72d2800052aea443bd0f500cf30ea7f8c77628249f62b4f60ef4f743fc7bcba3ea20fabf99e3c799644400dbdb1a0b9752c0ad20947d3883383a4701c11326
SSDEEP

12288:vad+qIvqqNGesKnzFGp52kbS1JJ3biIYE:vad+LFNGeYo1zRiZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e4618c1526284b2df4e9a81dac53ca9_JaffaCakes118

Files

0e4618c1526284b2df4e9a81dac53ca9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1e20e90c3dc5103040bb712c5095594d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceTypesW
GetVersion
CreateThread
AddConsoleAliasA
Process32NextW
GetCommandLineA
VirtualProtect
ScrollConsoleScreenBufferA
NlsConvertIntegerToString
ExitThread
GetModuleHandleA
ExitProcess
GetCommProperties

advapi32

AccessCheckByTypeResultListAndAuditAlarmByHandleW
SystemFunction032
RegFlushKey
SystemFunction007
LsaCreateTrustedDomain
SynchronizeWindows31FilesAndWindowsNTRegistry
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclA
RemoveTraceCallback

ole32

HBITMAP_UserMarshal
CoResumeClassObjects
CoQueryProxyBlanket
HMETAFILE_UserUnmarshal
CreateGenericComposite
HWND_UserSize

Sections

.text
Size: 395KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ