Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_644c8286004e07849b7e5585b09eb9b0.exe
Resource: win7-20241023-en
General
Target: JaffaCakes118_644c8286004e07849b7e5585b09eb9b0
Size: 199KB
MD5: 644c8286004e07849b7e5585b09eb9b0
SHA1: 17a2aae20d784d4f7595dbc96fd0aa2c8305e267
SHA256: 88d5a35bf116571216f3c7bf3ca800b004ceaffefe228f5c9b654b3fe47f46c9
SHA512: 08781d75f045853b3645110cc9167407215fce5e36f86e052248e547582a6add9f21f01452533dd11b5a3aace42ee625078ea774fe8f180a8e9aa6e375fc8d31
SSDEEP: 6144:ViSRcu5Hl4dZIgO4M5TIjrPyrwqTbJkZOKQYiMM:7cuZudmh4M5Tur6sq5P1H
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_644c8286004e07849b7e5585b09eb9b0
Files
JaffaCakes118_644c8286004e07849b7e5585b09eb9b0.exe windows:4 windows x86 arch:x86
d597f1379c04f21fd825e11561fa3ab6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringW
TlsSetValue
HeapReAlloc
LCMapStringA
OutputDebugStringA
GetTimeZoneInformation
LCMapStringW
EnumSystemLanguageGroupsW
GetStringTypeA
GetStringTypeW
WriteConsoleW
GetLocaleInfoA
DebugBreak
CompareFileTime
IsValidCodePage
GetCPInfo
oleacc
CreateStdAccessibleObject
ObjectFromLresult
oledlg
OleUIBusyW
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
winmm
sndPlaySoundA
advapi32
AddAce
InitializeSecurityDescriptor
PrivilegeCheck
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
GetUserNameA
QueryServiceStatus
IsValidSecurityDescriptor
LookupAccountSidA
DuplicateTokenEx
RegOpenKeyExW
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ