e92dfe558808974c89816ba0614835e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e92dfe558808974c89816ba0614835e2_JaffaCakes118
Size

56KB
MD5

e92dfe558808974c89816ba0614835e2
SHA1

94306f800a99587d85e2214d2bcf037921764444
SHA256

66a1124c91ad50fcd65aed0e827e3af71690e261a4bf725abd93d2827e867667
SHA512

36f53289f133d19e7dbcb85bf2cb6d5afe2951eac4aa083f39902710b57dfbe8a442eed01b7fff44292d2d789cb15464de08a6828b22bfc552b8259592c4a53b
SSDEEP

768:kmD3WjGSfinileeOEzg/jXCX2NpQIQ+KXOpevZtWLJEtJd/+:kKmSSfzIrCcpQYpeRUE3dG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e92dfe558808974c89816ba0614835e2_JaffaCakes118

Files

e92dfe558808974c89816ba0614835e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d323bf9a1917515a5d5d17b3d073caff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetEnvironmentVariableA
GetModuleFileNameA
GetLastError
GetCurrentProcess
GetModuleHandleA
FreeResource
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
GetProcAddress
FindClose
FindFirstFileA
WriteFile
GetWindowsDirectoryA
SetFilePointer
FlushFileBuffers
GetTempPathA
ReadFile
DeleteFileA
GlobalAlloc
GlobalFree
GetFileSize
SetEndOfFile
FreeLibrary
HeapAlloc
GetProcessHeap
lstrlenA
CopyFileA
MoveFileExA
Sleep
ExitProcess
CreateFileA
CloseHandle
GetSystemDirectoryA
LoadLibraryA

user32

FindWindowA
PostMessageA

msvcrt

strlen
strcpy
memcpy
memset
free
malloc
tolower
??2@YAPAXI@Z
__CxxFrameHandler
rand
srand
time
strncpy
strrchr
??3@YAXPAX@Z
_stricmp

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE