451e1fca16a99e2b61d7139f5ae7bb2b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

451e1fca16a99e2b61d7139f5ae7bb2b_JaffaCakes118
Size

382KB
MD5

451e1fca16a99e2b61d7139f5ae7bb2b
SHA1

3b3156d592355e21480cdf5bfebad6ed6c7c6dd3
SHA256

b0f76c85e1fc40f236fcf217f1e0f654e02e1792ccfbb8f50539c3dd37f89041
SHA512

db6d8fd757e34bfdcdb1588a5c4a8a9ffce1d78d825d82c4362e51692bb5e79c465305de65627d578a51494145fd52391031d59fc247bf7810211cdb59f8216b
SSDEEP

6144:sp9tQqRMXH/X5g4tYjGsJEvKt0J+LI88uGcSGBb9P1EAiW1TxubN3GfzY0i/9cIF:g9uqRMXPznbpsIM3ziW1TxubN3yclcIF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
451e1fca16a99e2b61d7139f5ae7bb2b_JaffaCakes118

Files

451e1fca16a99e2b61d7139f5ae7bb2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7489d16f6e975f84e8cb8ef4acee1778

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
ReleaseMutex
GetStdHandle
LoadLibraryW
VirtualAllocEx
FreeConsole
CreateMutexW
GetPrivateProfileIntW
CreateEventW
SuspendThread
GetEnvironmentVariableA
WriteFile
CloseHandle
GetSystemInfo
GetCommandLineW
ResetEvent
LocalSize
lstrlenA
InterlockedExchange
LocalFree

advapi32

CreateServiceA
RegQueryValueW
RegCloseKey
IsTextUnicode
RegCreateKeyExW
IsValidSid
InitializeSid
IsValidSecurityDescriptor
CloseEventLog
ClearEventLogW
ControlService
RegDeleteValueA
RegEnumKeyW

dssec

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ