42e1d1990c46861efa26da6ea8903a1c_JaffaCakes118 | Triage

Sharing

General

Target

42e1d1990c46861efa26da6ea8903a1c_JaffaCakes118
Size

9KB
MD5

42e1d1990c46861efa26da6ea8903a1c
SHA1

6cb7e4ac6f7be0d2f11b3cc38e13ee7bab3ebfd9
SHA256

adcccb8e39cd681f4d741a2dcadbf4f354920a389221f88b40ac72a18cc48be6
SHA512

619986ab20b0eb45e2f7dfa59a029de14ca8a5ba0e561d71f000140f11fd5734f056258dd3c3235b034dcd57b8a264bf11cab4a1f4edc43ab86de8c32e69a6ef
SSDEEP

96:6P3OfiKhJ3NG9jHDU141WKj3nVhUa2FbIogAOPkircoQp4MN2sF/njvhW4rMYONe:6K4S48g3zB2FcogVPrYNpJ2mfPMNeTn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42e1d1990c46861efa26da6ea8903a1c_JaffaCakes118

Files

42e1d1990c46861efa26da6ea8903a1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

209211cc493c87cdad9807f06adf1f65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FindResourceExA
GetTickCount
ExitProcess
DeleteCriticalSection
GetLastError
FindVolumeClose
CreateThread
GetCalendarInfoA
FindAtomA
ReleaseMutex
lstrlenA
GetModuleHandleA
SetEvent
VirtualProtect
FindClose
GetDiskFreeSpaceA
SearchPathA
TlsGetValue
CloseHandle

advapi32

RegLoadKeyA
GetFileSecurityA
CloseTrace
LsaFreeMemory
LsaClose
FreeSid
RegCloseKey
LsaSetSecret
RegEnumKeyExA
IsValidSid
OpenEventLogA
CloseEventLog
RegCreateKeyExA
AccessCheck
RegCloseKey

msdtcuiu

DllRegisterServer
DllGetClassObject
DtcPerfClose
DtcPerfOpen
DtcPerfCollect

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ