29747da0a68964dd7f05f88843279859_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29747da0a68964dd7f05f88843279859_JaffaCakes118
Size

183KB
MD5

29747da0a68964dd7f05f88843279859
SHA1

c992c7094a29e210a5a2f821c88a1fa2969ec46c
SHA256

f52bffd624a774d91da168bfa0a855b7c03e77e5afdae149713d006a311873ec
SHA512

71975a85dc23ae7202160cfc3b08e45d8b3db3961f6fcdb5f1b5a78e385e9b59de15ce6b2c0e8ffbdede3bb5eb63dadac59130e5124d0b0b3fbba30e239e86b7
SSDEEP

3072:GK4GyR7MZvWXAaoFP4JDHzEMzR3+ml/WY5wkzoEALiB4NJjc0ZZyccrr:GYk7AawP4dDd5twksEbCNJhZyX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29747da0a68964dd7f05f88843279859_JaffaCakes118

Files

29747da0a68964dd7f05f88843279859_JaffaCakes118
.exe windows:5 windows x86 arch:x86

beaa0435278aec843446801440e1aba9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
OpenThreadToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
AllocateAndInitializeSid

kernel32

ExitProcess
GlobalUnlock
SizeofResource
HeapReAlloc
SetStdHandle
FlushInstructionCache
InterlockedDecrement
GetOEMCP
InterlockedExchange
GetFileType
HeapAlloc
GetCurrentProcessId
WriteFile
SetConsoleCP
GetModuleFileNameA
lstrcatA
VirtualProtect
GetStartupInfoA
GetFullPathNameW
GetLocaleInfoW
GetModuleHandleA
GetACP
GetCurrentDirectoryW
GetTickCount
GetCommandLineW
LCMapStringW

msvcrt

_vsnwprintf

user32

ClientToScreen
PostThreadMessageW
SendMessageW
DialogBoxParamW
SetCursor
LoadStringW
ReleaseCapture
UnregisterClassA

ole32

StringFromGUID2
CoCreateInstance
CoCancelCall

lz32

LZClose

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 237KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE