274aa20616a20a1343220768ecb7e947_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

274aa20616a20a1343220768ecb7e947_JaffaCakes118
Size

31KB
MD5

274aa20616a20a1343220768ecb7e947
SHA1

3c9f57ef134bc77557b5e3745ee18576feb4193c
SHA256

1ef5d56bb747c4685baf0934e700f8788ba0daf0f081be1966427b800a9f5387
SHA512

d7220917ee1e1664ec3e83023fa0462c3f5fa3ee1029e090d75e90bbd140f263d20f07edaa58f66b665851152ffd202e250a3c5061112fcef4cd01ae7690526a
SSDEEP

768:jcuOvmNkaDitSmdnqLDmhSXCvsr7MZuu:jcuOvmNkamt/dw5r4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
274aa20616a20a1343220768ecb7e947_JaffaCakes118

Files

274aa20616a20a1343220768ecb7e947_JaffaCakes118
.exe windows:1 windows x86 arch:x86

6b25a3d8111fdf06e1231332ba75f1a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
FreeLibrary
GetModuleHandleW
GetCommandLineA
EnterCriticalSection
WaitForSingleObject
GetStartupInfoA
GetCommandLineW
GetLastError
HeapFree
CreateFileW
WriteFile
ExitProcess
SetEvent
HeapAlloc
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetStartupInfoA
lstrcpyW
LocalFree
CloseHandle
HeapReAlloc
VirtualAlloc
ExitProcess
MultiByteToWideChar

user32

CharNextW
LoadAcceleratorsW
CheckDlgButton
SetCapture

advapi32

RegOpenKeyExW
OpenThreadToken
RegDeleteKeyW
AdjustTokenPrivileges

Sections

.text
Size: 26KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.test4
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE