Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_14c5c223f563c28c44974b440daab1d3.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_14c5c223f563c28c44974b440daab1d3
Size: 182KB
MD5: 14c5c223f563c28c44974b440daab1d3
SHA1: 226e4cc01b6d5bf8e9fa68d2248cdd19e4552fa4
SHA256: cdbc3dbe90cc1723a4ed36a1ea6e1721cfbcb782b08bf2b9ac3c5e58244da66d
SHA512: a141fcf364e8d42acf40875e01ef8faf7f6df6ba418eb6316fe0ba752f5cd32dc442aef0715421aa5d12aee151bfb7db80e0553dea0c88e7df834be1a2b4c7e6
SSDEEP: 3072:CzSMe5SubW2NYWV9xfbwwy1b4hcUXgyjFRdM1478jFW2/Y:uSMraWTyMbYlLjFjM7F
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_14c5c223f563c28c44974b440daab1d3
Files
JaffaCakes118_14c5c223f563c28c44974b440daab1d3.exe windows:4 windows x86 arch:x86
1c9f6044062d68105d28bde2bb5dbe25
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringA
TlsSetValue
GetLocaleInfoA
WriteConsoleW
DebugBreak
HeapReAlloc
EnumSystemLanguageGroupsW
GetStringTypeW
OutputDebugStringW
LCMapStringW
LCMapStringA
IsValidCodePage
GetTimeZoneInformation
CompareFileTime
GetStringTypeA
GetCPInfo
winmm
sndPlaySoundA
advapi32
IsValidSecurityDescriptor
GetUserNameA
InitializeSecurityDescriptor
AddAce
QueryServiceStatus
LookupAccountSidA
DuplicateTokenEx
SetSecurityDescriptorOwner
GetSecurityDescriptorLength
PrivilegeCheck
RegOpenKeyExW
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
oleacc
CreateStdAccessibleObject
ObjectFromLresult
oledlg
OleUIBusyW
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 385KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ