38e7de10cbcbdef88440bd215215ef73_JaffaCakes118 | Triage

Sharing

General

Target

38e7de10cbcbdef88440bd215215ef73_JaffaCakes118
Size

820KB
MD5

38e7de10cbcbdef88440bd215215ef73
SHA1

b5da3f01d9363bb4f693b691814c57bcd5fec17b
SHA256

ad971b94abb184a84435a7838ddf78b2e982c97bc268b36feb77e88bbfee00b7
SHA512

eba77b8f0992f0a66442439cf6ca165db7559495ad8cd8dadcf9b7dc0112da56b9604233ba038d979124c6c9013612576ccfa9170ccdc33ab90fac46cca15fc4
SSDEEP

24576:DrRMv1ezP5SHKR7guZCXyxhfiLPOWJmjzYy:vRMv1edWKR7fCixhfiLm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38e7de10cbcbdef88440bd215215ef73_JaffaCakes118

Files

38e7de10cbcbdef88440bd215215ef73_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35a67661e1255171465aebddf06d3eb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GlobalFree
lstrlenA
GetEnvironmentVariableA
FreeConsole
SuspendThread
ReleaseMutex
CreateEventW
LocalFree
CreateMutexW
GetCommandLineW
GetStdHandle
ResetEvent
InterlockedExchange
LoadLibraryW
WriteFile
LocalSize
CloseHandle
GetSystemInfo
GetPrivateProfileIntW

advapi32

InitializeSid
ClearEventLogW
IsTextUnicode
IsValidSecurityDescriptor
ControlService
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegDeleteValueA
RegEnumKeyW
IsValidSid
CreateServiceA
CloseEventLog

dssec

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ