Static task
static1
Behavioral task
behavioral1
Sample
27f783e044d756c8cbbb2ec340c00ba1_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target: 27f783e044d756c8cbbb2ec340c00ba1_JaffaCakes118
Size: 294KB
MD5: 27f783e044d756c8cbbb2ec340c00ba1
SHA1: 21ccec1fa044fa7ac1edfdc3d94bd8c5f67b5697
SHA256: 1a2b043e63fa2fe4dcb65fbdbba02630c727835dae55a75394397fd2ca09b0b7
SHA512: 916dd44638437b3077ab4fdbecbb0952b31933a8d89d2801ea9e56f5e12451b66373fb2fe0d32bcdae8cb547479254896518517d7c1e121b58448358ceeae106
SSDEEP: 6144:rvKH0vWDv+zarx9piUTjUUhqatTs2lIqBLTA4wxbPmSlJsR0I:rSHZDv+zaN9UVcTblIqpT7wxbtJkn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 27f783e044d756c8cbbb2ec340c00ba1_JaffaCakes118
Files
27f783e044d756c8cbbb2ec340c00ba1_JaffaCakes118.exe windows:4 windows x86 arch:x86
ea6f5c2b009a73d52cdee28f7e5888cb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
kernel32
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
CreateThread
lstrcatA
GetLastError
CreateMutexA
lstrcmpA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetModuleHandleA
IsDebuggerPresent
GetCurrentProcess
lstrcmpiA
HeapFree
GetEnvironmentVariableA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetProcessHeap
lstrlenA
GetProcAddress
advapi32
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 918B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 281KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ