3881abe93536a866a0263820ab9a9e37_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3881abe93536a866a0263820ab9a9e37_JaffaCakes118
Size

382KB
MD5

3881abe93536a866a0263820ab9a9e37
SHA1

4a6ff9ca678541bdf5fc0a47753c30065e77fa62
SHA256

a8741af951e5c666b8fd13ee388a352a3dbe609f525e093750ea41acca30dd4e
SHA512

aa3adf481ef5ec04f96620b14d36756516b9605b4e2fcac4e6fe5d0845dd9670982753c0b6b957432ad11808ef00a6182f82003ddf2f25583d584fbb445a1281
SSDEEP

6144:uSgEtkRMH6y4+AGeJKiIdDjky49jypOAEWZqnKET5EIyLjRKg1gXVJiObl:uSftkRMHpAGliLy8hAEWZ+7TSHRKSgFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3881abe93536a866a0263820ab9a9e37_JaffaCakes118

Files

3881abe93536a866a0263820ab9a9e37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29186663e207f62efe1af795b209f553

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
InterlockedExchange
CreateMutexW
FreeConsole
GetPrivateProfileIntA
SuspendThread
CreateEventW
CloseHandle
GetEnvironmentVariableA
GetCommandLineW
VirtualAllocEx
lstrlenA
GetSystemInfo
WriteFile
LoadLibraryW
LocalFree
ReleaseMutex
LocalSize
GlobalFree
GetStdHandle

advapi32

IsValidSid
IsValidSecurityDescriptor
CreateServiceW
CloseEventLog
ControlService
IsTextUnicode
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExW
ClearEventLogW
RegQueryValueW
InitializeSid
RegCloseKey
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ