56172f8df2d74c5a212d95ff602f82b5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56172f8df2d74c5a212d95ff602f82b5_JaffaCakes118
Size

376KB
MD5

56172f8df2d74c5a212d95ff602f82b5
SHA1

2f92a0ad8d8060017e9c69dcc55b94cd5fd52d81
SHA256

9ac70285a7f78c67c45d7470982710a089d13cfafb89713ccffe260845611918
SHA512

7d4d0cd101ade06c74812872072949868c2e0803e05bb2e94ea3b7af9ef28cd6e55c97558127b44376958b2cdf1f404b4dd094ddcaf11b527894c472bf40d4d4
SSDEEP

6144:tfMs7W+OC/1EOnfWIcCSm7xhxVVQXDiCpcCkx+rQ86FRMePFRbk6thAsM:Vv7WeNtfWXClxhxVVQppexd8sRbbkSAs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56172f8df2d74c5a212d95ff602f82b5_JaffaCakes118

Files

56172f8df2d74c5a212d95ff602f82b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e051c8b7fefcd44e3f8db4dcdd82230c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Value\A.pdb

Imports

kernel32

lstrcatW
lstrcpynW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
MultiByteToWideChar
VirtualQuery
VirtualAlloc
GetVersionExW
GetVersion
GetModuleHandleA
Sleep
UnhandledExceptionFilter
GetStartupInfoW
WriteFile
GetLastError
SetFilePointer
DeviceIoControl
InitializeCriticalSection
SetLastError
DeleteCriticalSection
GetFileAttributesW
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetStartupInfoA
GetSystemTimes
CreateFileW
ExitThread

user32

IsChild
GetWindowModuleFileNameA

advapi32

RegEnumKeyExA
RegDeleteKeyA

msvcrt

wcsrchr
memmove
printf
free
wcslen

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE