Static task: static1
Behavioral task: behavioral1
Sample: 11e9677e249a1a643f7c9b65a498c205_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 11e9677e249a1a643f7c9b65a498c205_JaffaCakes118
Size: 816KB
MD5: 11e9677e249a1a643f7c9b65a498c205
SHA1: bec04424d82fe66d868b18133390d958570f279d
SHA256: fa7ffe9f6c7f723d9ced1be1fbdfd1e8a3e49a308ac283a2553110773d7bb3e7
SHA512: 07e68860e65afc20669730af144c63e36e3eb51a0ea9e49bce5d1de220a9eab4e90e2de332b77b324e490611c13342f7de91a41e93fa92bb327915dcbf210b24
SSDEEP: 24576:gtdOFcMZ4ogPjrqGE80ZHM1neA6IbICqfxc8R:giSMLgOllZHM8A6IqtR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11e9677e249a1a643f7c9b65a498c205_JaffaCakes118
Files
11e9677e249a1a643f7c9b65a498c205_JaffaCakes118.exe windows:4 windows x86 arch:x86
90c2c69ab8e090ea6c66adbc86f108e8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetLocaleInfoW
Beep
ReleaseMutex
TlsSetValue
Beep
lstrcmpA
VirtualQuery
WriteConsoleW
Beep
GetFullPathNameW
lstrcatA
Beep
GetModuleHandleA
GetPrivateProfileIntA
Beep
VirtualProtect
GetModuleFileNameW
Beep
DeleteFileW
Beep
Beep
GetCommandLineA
Beep
SetCurrentDirectoryW
TlsGetValue
Beep
FormatMessageA
SetThreadPriority
GetCurrentThreadId
catsrvut
StartMTSTOCOM
RegDBRestore
RegDBBackup
CGMIsAdministrator
Sections
.TEXT Size: 15KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.ndata Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_WRITE
.vdata Size: 797KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.jdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ