457761b40711880c0a4538aad20bd986_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

457761b40711880c0a4538aad20bd986_JaffaCakes118
Size

759KB
MD5

457761b40711880c0a4538aad20bd986
SHA1

a8460ace0a01a0f8921a5615f3a00d1345ab30ab
SHA256

819e65e2cef1243368f808840612c0d5f70b95efe59f8d92af47e54fecf39096
SHA512

6a6eb12da0d4ce7c23e3f50317ea5eb511092b98c30829eee7d4bb73918400051faf743af98761cb2c4cf0abf4d9c51a361b0a952e736a93e47e1bb92cfca7b2
SSDEEP

12288:ionb0viCaH3GcNjKXaK5yjhcr5vJISPBces9EjVu2X8Q14EIR6u/ARiV5yfhG:ionbciXH3GcNj45yVcrBJISPBjs9qSQ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
457761b40711880c0a4538aad20bd986_JaffaCakes118

Files

457761b40711880c0a4538aad20bd986_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7642000ddfe13596703506e59f3f4d22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetVolumePathNameA
CloseHandle
GetTimeFormatA
HeapDestroy
GetStartupInfoA
GetCommandLineA
GetDriveTypeA
DeleteFileW
lstrlenA
GetEnvironmentVariableA
TlsGetValue
CloseHandle
HeapCreate
GetConsoleTitleA
CancelIo
CreateEventA
GetCommandLineA
GetModuleHandleA
VirtualQuery

advapi32

CreateServiceW
IsValidAcl
CreateProcessAsUserA
RegEnumKeyA
ControlService
IsValidSid
IsTextUnicode
IsValidSecurityDescriptor
RegDeleteValueA
RegQueryValueW
InitializeSid
ClearEventLogW
RegCreateKeyExW

resutils

ResUtilGetSzValue
ResUtilGetSzValue
ResUtilGetSzValue
ResUtilGetSzValue

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ