69b933a694710f8ceb314dc897a94cbe_JaffaCakes118 | Triage

Sharing

General

Target

69b933a694710f8ceb314dc897a94cbe_JaffaCakes118
Size

176KB
MD5

69b933a694710f8ceb314dc897a94cbe
SHA1

72bee8f42fbf766877a0258ba73820645ce2c23c
SHA256

07bed9baa42996bded75dacf5c2611ba5d3a3f19b8588ea734530f74c2586087
SHA512

a57352c9a48e218f4554e00433b21fd699680ff8d75a3aac3bff08a5365dfc8fa085a2806edc369d7601ee71d01b22a522ebeaee858f16a02e2f987b8de1c0a6
SSDEEP

3072:NpWENLwBjHncgRjSWom7mVLqJnzbdpBVXwEGFL14fh:DLsn53oDVLezbdfGT4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
69b933a694710f8ceb314dc897a94cbe_JaffaCakes118

Files

69b933a694710f8ceb314dc897a94cbe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b845c63bf4a36b7425c05627a65094e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidSubAuthority
RegDeleteKeyA
RegQueryInfoKeyW
InitializeSid
GetLengthSid
InitiateSystemShutdownA
LookupAccountNameW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegRestoreKeyW
RegConnectRegistryA
LsaFreeMemory
GetSidIdentifierAuthority
ChangeServiceConfigW
ReportEventA
SetFileSecurityA
RegOpenKeyExA
MakeAbsoluteSD
CloseServiceHandle
GetAce
CreateProcessAsUserW
OpenThreadToken
AllocateAndInitializeSid
SetFileSecurityW
EnumDependentServicesA
OpenSCManagerA
GetKernelObjectSecurity

kernel32

FlushViewOfFile
HeapWalk

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ