374496f641e44f44076e15baeae9b1ce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

374496f641e44f44076e15baeae9b1ce_JaffaCakes118
Size

102KB
MD5

374496f641e44f44076e15baeae9b1ce
SHA1

04cb8d8d54c0762c9b3a0064715c8e1b257975d8
SHA256

19bf28cc7a45de8dd526779ee9173f9e632db4dbd4a022f39b15224c911f0aff
SHA512

4db1a17c0bc5cc43ebb2abb22dfed78e44a6fbc9b83c73f705c28ee379c9a92d19515e94d874d93a6c2dbc203a8bebf972f43947433ae88f30c8184f2cacbd64
SSDEEP

1536:XiDLDSW3ziBDWBB2QB7RUd6LXIeTH+nEOh6CdBbDA2x5C6Bw4zw2Sv:SPGVFWb2GF4aH+EO5Rv5CI1w2Sv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
374496f641e44f44076e15baeae9b1ce_JaffaCakes118

Files

374496f641e44f44076e15baeae9b1ce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

683fa3b5667d80107db91156c3e49198

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
GetProcessHeap
GetTickCount
GetVersionExA
HeapAlloc
InterlockedDecrement
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReadFile
SetLastError
lstrlenA

advapi32

AllocateAndInitializeSid
ChangeServiceConfigA
LockServiceDatabase
LookupAccountSidA
OpenProcessToken
OpenSCManagerA
QueryServiceStatus
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ