Static task
static1
Behavioral task
behavioral1
Sample
39103eabbd310d8a09ab85efff41c8f9_JaffaCakes118.exe
Resource
win7-20240729-en
General
Target
39103eabbd310d8a09ab85efff41c8f9_JaffaCakes118
Size
816KB
MD5
39103eabbd310d8a09ab85efff41c8f9
SHA1
bc5014b178097b58ca72a58ed8ae6a738121deee
SHA256
45782a452b374a2866c2b500b0f50662d9d22f7dde3288be8dda3b584c5bc4f9
SHA512
88eeb690b2eefdae4e7757678a92e3dd573c31e56a5e91d94f20e5f7fa3eb09e902d9793453be17f2b6d3f08fb56347114cddc3ae80523ddb017fd8969d36ba4
SSDEEP
24576:o8FN/RcIY5LxZuPKaUvOketavLWD43Vp6AHHNAM97bAsV:jFbJY5LxZuPTZYzfTpHH+K4s
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 39103eabbd310d8a09ab85efff41c8f9_JaffaCakes118
Files
39103eabbd310d8a09ab85efff41c8f9_JaffaCakes118.exe windows:4 windows x86 arch:x86
2f8ab8101637a5b4b9457863e9e1091f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetThreadPriority
TlsGetValue
lstrlenW
FormatMessageA
WriteConsoleW
GetPrivateProfileIntA
Beep
GetCommandLineA
Beep
lstrcatA
VirtualQuery
ReleaseMutex
GetModuleFileNameW
Beep
GetCurrentThreadId
Beep
Beep
Beep
Beep
VirtualProtect
GetFullPathNameW
DeleteFileW
GetModuleHandleA
SetLocaleInfoA
Beep
Beep
Beep
SetCurrentDirectoryW
TlsSetValue
catsrvut
CGMIsAdministrator
RegDBRestore
StartMTSTOCOM
RegDBBackup
Sections
.TEXT Size: 15KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.ndata Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_WRITE
.vdata Size: 797KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.jdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ