17eed4bd7861706346d802cd597e6060_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17eed4bd7861706346d802cd597e6060_JaffaCakes118
Size

385KB
MD5

17eed4bd7861706346d802cd597e6060
SHA1

45ffaf1e58db3ea4a5b08a8ae78ad2d05f272119
SHA256

11e8de99e6695d5dd2b72a9818bce9f5779adfba02dadd706e5ab401e8cf4d54
SHA512

e4dde8b2318b7810391c26f305951c2f78a753df338220f15e6ccd833628f4a24e60b3e629cc00a03813a0935cbf1fc838f22a1af38c56664a3e454ffeebdc62
SSDEEP

6144:2wquLHwHGt4j+VC69neOSAZNIf6r4fpSiHSkqPjzMhQfDDWZ:22HwHGty+VCt2NIfAopDSnMhQfDD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17eed4bd7861706346d802cd597e6060_JaffaCakes118

Files

17eed4bd7861706346d802cd597e6060_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c2556066af72ee172a50cb173b3bd93c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetDiskFreeSpaceW
GetStringTypeW
ReadConsoleA
GetLastError
LoadLibraryA
lstrcpyW
CloseHandle
ExitProcess
GetPrivateProfileIntA
Heap32First
ReadFileEx
FindResourceW
lstrcmpA
GetCurrentDirectoryA
InterlockedIncrement
SetEnvironmentVariableA
HeapCreate
GetDiskFreeSpaceW
WaitForSingleObject
GetExitCodeProcess
InterlockedDecrement

adsldpc

ADsEnumAttributes
ADsCloseSearchHandle
ADsExecuteSearch
ADsDeleteClassDefinition

clbcatq

SetSetupSave
ComPlusMigrate
SetSetupSave
DllGetClassObject
SetupOpen
CheckMemoryGates
ComPlusMigrate
ComPlusMigrate
CheckMemoryGates
DllGetClassObject
SetupOpen
SetupOpen
CheckMemoryGates

version

VerFindFileA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ