170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118 | Triage

Sharing

General

Target

170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118
Size

821KB
MD5

170591c0c9563ac6ef3a17bb5ecce674
SHA1

69b51e4d839bd7f984682912838b6d33adeba793
SHA256

c3aa9aef0b39032f37c299996337932a439e2739255b17a1e74e11a9c03c2915
SHA512

30f3fad357b4b3b0f19f8213944922666ed59c0458d18047cc128d95859f9e2e8ac782741c89c72a78028ed36f220c27d55904fc1844f3367050ab6f2ebfcd6f
SSDEEP

24576:fyRM4M25Q59mdJfzb5pUKY5eBOmqwDk9Pejiwoa6baq0ADQcD:fyRML2eafbKeBOmqlTwSbvDQcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118

Files

170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92768abb2478f9606552244b2ac30d9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeConsole
SuspendThread
GetPrivateProfileIntA
ReleaseMutex
GetSystemInfo
GlobalFree
lstrlenA
CreateMutexW
VirtualAllocEx
WriteFile
GetStdHandle
LocalFree
GetCommandLineW
ResetEvent
InterlockedExchange
GetEnvironmentVariableA
LoadLibraryW
LocalSize
CreateEventW

advapi32

RegQueryValueW
CloseEventLog
ClearEventLogW
RegCloseKey
InitializeSid
RegDeleteValueA
RegCreateKeyExW
IsTextUnicode
CreateServiceW
IsValidSecurityDescriptor
ControlService
RegEnumKeyA
IsValidSid
InitializeSid

iernonce

InitCallback
InitCallback
InitCallback
InitCallback
InitCallback

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ