42859923b57607b4af71fe86887dcaa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42859923b57607b4af71fe86887dcaa9_JaffaCakes118
Size

20KB
MD5

42859923b57607b4af71fe86887dcaa9
SHA1

c659ff41e152f5c3e47b586908b2bf585bd372bc
SHA256

1effb75aeaeed1e0a9e0f984f87cdce9358c89e25f29fb456b7d7ca4aea95dea
SHA512

f1fef7557fd828a893d88d7528a037cc0b7e848c3219ca040e690310e62259dd5ee9205c9d8ed6cef472cfae369c74496402a731559f70cadab20461ebcba102
SSDEEP

384:QnOVz9yY+D0vR1vYg3KTQE7ORBJezsUxnjjDhVQrUUY5GF9MHQEh49:dhgYcavYAmwWzDjfhVQAUY5GAHQEh49

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42859923b57607b4af71fe86887dcaa9_JaffaCakes118

Files

42859923b57607b4af71fe86887dcaa9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a38bd27e238c999d3f75ba666442541d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Write

shell32

SheFullPathA
StrStrIW
SHFreeNameMappings
StrNCpyA

kernel32

DuplicateConsoleHandle
ConvertThreadToFiber
ConvertDefaultLocale
DeleteCriticalSection

ntdll

NtInitializeRegistry
NtOpenEventPair
NtLockRegistryKey
NtFreeUserPhysicalPages
NtMapUserPhysicalPagesScatter

Sections

.text
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE