e873546e894fbc98d95246d333db3311_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e873546e894fbc98d95246d333db3311_JaffaCakes118
Size

77KB
MD5

e873546e894fbc98d95246d333db3311
SHA1

cfc4932d06c60002a0dbbd6306e19478bc7f9e4b
SHA256

71f6dce4218c86de9797bf8ed283cb9c896bf3547f14edf652b0b2abf7203f9a
SHA512

8e6a0af8632f0d3e5237c20ef2e79b010b081e61b0bdbfde59d26fab3027eac4ba88a56b8f206237b46396c66c3473c432eb861ab141691cb2ee659be8da7d66
SSDEEP

768:/1CygcUQzzcVYsaf3i9AF+0Y324jAmDpwFlxve79MNd3GQGebW+Ad2G:9CJ2AViPPhYaIpcvsMNd3SP+Ad2G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e873546e894fbc98d95246d333db3311_JaffaCakes118

Files

e873546e894fbc98d95246d333db3311_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60005618b130c5841662a0d2cf246146

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
GetProcAddress
GetModuleHandleW
VirtualAllocEx
OpenProcess
GetCurrentProcessId
ReadFile
lstrcpyA
CreateFileA
WriteFile
GetModuleFileNameA
LoadResource
GetCurrentProcess
CompareStringA
lstrlenA
CreateProcessA
lstrcatA
GetSystemDirectoryA
SetFilePointer
GetFileAttributesA

user32

wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ