54cb7435cb5c7bafd7bf8b19d5bd3564_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54cb7435cb5c7bafd7bf8b19d5bd3564_JaffaCakes118
Size

311KB
MD5

54cb7435cb5c7bafd7bf8b19d5bd3564
SHA1

9638636a33d1a438d3a851b5e09deee7642a71cc
SHA256

8ecc8907d8c566fa6215f36717e9ead8f84cb5bf3681b51376616cabe3575696
SHA512

38ab202784169bc2cb022d4d307d609855ffa62c4234d07560d1476f5d22336771dd87e6e1937d682f9732767bb4cbd5ca96280e23b6f409d78ac3a618c64846
SSDEEP

6144:x+0sZtDueDCeoesy6JMzZZjVD8McXcDZI7YTohZpbLCBrkMz5y4m2qRejuQx1bNO:x+0sXDuQJioH67XBYoRLCBAsTPj3caA3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54cb7435cb5c7bafd7bf8b19d5bd3564_JaffaCakes118

Files

54cb7435cb5c7bafd7bf8b19d5bd3564_JaffaCakes118
.exe windows:5 windows x86 arch:x86

384826d786a0a7a930bac26246641d00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteFileA
CreateEventW
CreateEventW
GetProcessHeap
GetPrivateProfileSectionA
CreateEventW
GetPrivateProfileIntW
SuspendThread
lstrlenA
GetDriveTypeA
GetCurrentThread
SetLastError
FindAtomA
HeapFree
VirtualProtect
LoadLibraryW
CreateEventW
GetProcessVersion
GetStringTypeW
TlsGetValue
ResumeThread

clbcatq

ComPlusMigrate
CheckMemoryGates
DllGetClassObject
CheckMemoryGates
DllGetClassObject
CheckMemoryGates
SetupOpen
CheckMemoryGates
ComPlusMigrate
SetupOpen
CheckMemoryGates
ComPlusMigrate
SetupOpen

pdh

PdhAddCounterA
PdhGetLogFileSize
PdhGetLogFileTypeA
PdhCloseLog

Sections

.text
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ