4605d8726f20325bb8878f7d4e4416f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4605d8726f20325bb8878f7d4e4416f2_JaffaCakes118
Size

821KB
MD5

4605d8726f20325bb8878f7d4e4416f2
SHA1

062771f329ef473ea01dd705e2354150c623cc2c
SHA256

a2d9503eaae93931de851d79b3ed219ecd18f3acca395cd275904bf4452239a9
SHA512

723d0f2cb49f78a3f9a88a95d6b32db50c04dcd7d1c0ba11e954c5f42cc326872e1bf1a215f2006d2104863e4d887179f739531c15e3c04b271d2cc3ee9b7c6b
SSDEEP

24576:mURMyfFeWOWuRRgKE0AVqAs92HthcVSQX8b:mURMyfIWOWuRRgKE0AVqxxSsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4605d8726f20325bb8878f7d4e4416f2_JaffaCakes118

Files

4605d8726f20325bb8878f7d4e4416f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b26d36059785529f6a3c2f3790329f52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetCommandLineW
VirtualAllocEx
FreeConsole
SuspendThread
ResetEvent
GetEnvironmentVariableA
InterlockedExchange
lstrlenA
CreateMutexW
WriteFile
LoadLibraryW
CreateEventW
CloseHandle
GetSystemInfo
LocalSize
GlobalFree
GetPrivateProfileIntA
LocalFree
ReleaseMutex

advapi32

ClearEventLogW
InitializeSid
RegDeleteValueA
IsValidSid
CloseEventLog
RegCreateKeyExW
CreateServiceW
ControlService
RegEnumKeyA
IsTextUnicode
RegCloseKey
IsValidSecurityDescriptor
RegQueryValueW
InitializeSid

iernonce

InitCallback
InitCallback
InitCallback
InitCallback
InitCallback

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ