54b9a81f496aef2a1a637c02847526fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54b9a81f496aef2a1a637c02847526fc_JaffaCakes118
Size

404KB
MD5

54b9a81f496aef2a1a637c02847526fc
SHA1

309f5423029e564ccee1ae9de295a5888792a635
SHA256

0192e7609cf1c777ff897a7814941db82df23623f100ee9f3fa4fe7409246d43
SHA512

155959ca41079a0e3d13cb7d8b5aaef62d0b273c6b5d2cb0aad15793fde478cd515f532ffc4425089898a15c0b83abb56c8eff2e3e2597918afdd5fd802151bc
SSDEEP

12288:i2iGCIVoEKHuotAHCu1uU/5BKTFewb0qY085A2g:iiCIVoEKHuotc33KRH808S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54b9a81f496aef2a1a637c02847526fc_JaffaCakes118

Files

54b9a81f496aef2a1a637c02847526fc_JaffaCakes118
.exe windows:17071 windows x86 arch:x86

061880eddf9514fc4ea9a616a2de73dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyW
OpenThreadToken
RegQueryValueExA
GetLengthSid
RegQueryValueExA
RegEnumValueW
CloseServiceHandle
AddAccessAllowedAce
OpenThreadToken
OpenThreadToken
AddAccessAllowedAce

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
ExtractIconExW
ExtractIconW
DragQueryFileW
ExtractIconW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderLocation

gdi32

DeleteDC
PatBlt
GetDeviceCaps
ExtTextOutW
MoveToEx
GetTextMetricsW
CreateFontIndirectW
CreateCompatibleDC
GetStockObject

kernel32

LoadLibraryA
GetModuleHandleA
ExitProcess
LocalFree
LocalAlloc
GetCurrentProcess
MultiByteToWideChar
VirtualAlloc

user32

LoadStringA
CreateWindowExW
PeekMessageW
IsWindow
DialogBoxParamW
CopyRect
MessageBoxA
EndPaint

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ