140cc290355880599ed80b73a79612f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

140cc290355880599ed80b73a79612f3_JaffaCakes118
Size

330KB
MD5

140cc290355880599ed80b73a79612f3
SHA1

d17eb1c7c7e9c1da6ed84e68f8b509fbea84a4a6
SHA256

95385bbdc8fe54ad1a2140f4fe3dffbc9ad40e2b76a300a6cd7a801bb4fbbb44
SHA512

e45cbae2595bcdf57cf82572a7471ae48f2e34da43789cd30156e8ff1773eec970d54b0eff63fd863aa9cc83dbc9bf23724d3060c8037dcd4d165982e20f91f3
SSDEEP

6144:Xu0DIyA7YLVFxWM2u1pHExxRffIHC52nKTk6Ma8Y/VqaQXHEUBwv3p+e72:XuyAcLff2u/yROC52HJvxXHEG8IN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
140cc290355880599ed80b73a79612f3_JaffaCakes118

Files

140cc290355880599ed80b73a79612f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f36014481b7ab74b1bf2185e65a1235e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
LoadLibraryW
GetModuleHandleA
FindVolumeClose
ResumeThread
CreateFileA
GetCommandLineW
GetSystemTime
GetDiskFreeSpaceA
CreateThread
lstrlenA
GetTickCount
ResetEvent
GetComputerNameA
SetLastError
GetDriveTypeA
CloseHandle
GetDateFormatA
HeapCreate
LocalFree

advapi32

RegQueryValueA
CreateServiceA
FreeSid
RegCloseKey
RegEnumKeyExA
GetFileSecurityW
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
IsTokenUntrusted
CloseEventLog
GetLengthSid
GetUserNameA

clbcatq

SetupOpen
DllGetClassObject
CheckMemoryGates
SetSetupSave
ComPlusMigrate

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ