1021ae0c50ce3dc1a6f3c709ed8483dd_JaffaCakes118 | Triage

Sharing

General

Target

1021ae0c50ce3dc1a6f3c709ed8483dd_JaffaCakes118
Size

820KB
MD5

1021ae0c50ce3dc1a6f3c709ed8483dd
SHA1

2891f274bd7546b78207c9da6e692a68e7cef0c1
SHA256

a46a157c2ddcede0ca15527f3ef7feb5905c9647178d89ab3535887562a91895
SHA512

baf360f260da0f1541744be8bb658f6a5ff0fb0763a246da3cdece102c9d022ae0e83a58e783f0a94c125954690ac88ca4b77f8bfe64de3ed1cb2e37f7090fa2
SSDEEP

24576:9RMhfFeWOWuRRgKE0AVqAs92HthcVSQX8b:9RMhfIWOWuRRgKE0AVqxxSsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1021ae0c50ce3dc1a6f3c709ed8483dd_JaffaCakes118

Files

1021ae0c50ce3dc1a6f3c709ed8483dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb6397241c9ffb96e6c3aff2e4597053

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
InterlockedExchange
LocalSize
CreateMutexW
WriteFile
GetPrivateProfileIntA
GetStdHandle
LoadLibraryW
VirtualAllocEx
GetCommandLineW
LocalFree
lstrlenA
FreeConsole
GetEnvironmentVariableA
CloseHandle
ResetEvent
ReleaseMutex
GetSystemInfo
CreateEventW
SuspendThread

advapi32

ControlService
RegEnumKeyA
IsValidSecurityDescriptor
CloseEventLog
IsTextUnicode
RegDeleteValueA
RegQueryValueW
IsValidSid
CreateServiceW
RegCreateKeyExW
InitializeSid
RegCloseKey
ClearEventLogW
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ