ed243315bf6ac18520a1a4f79030d245_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed243315bf6ac18520a1a4f79030d245_JaffaCakes118
Size

5KB
MD5

ed243315bf6ac18520a1a4f79030d245
SHA1

52ead611f41fe36ded15b9c7938ce62d6b0630fb
SHA256

bb0997cc6406d4485dc93c191d9936b01388f5a6a8679229bc15e9548dcd5803
SHA512

d8271ff6fcdd5708ce8e30f15b04c237eb3ee5cc30bcd8d2370c4ac84d676d88c76fe58c128eb4c3175c099fb3cd767da8878a83fbf251364af13cd9efa6ba85
SSDEEP

48:6f7/FQ82EO3ePkDXHEw1dOOtR5rLRSRFde0qlHMyy6qTc5uwhTpBs+ldCJqphDEI:h8hQDXk0d3zPRiwyyyTl+TpW+ldFDH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed243315bf6ac18520a1a4f79030d245_JaffaCakes118

Files

ed243315bf6ac18520a1a4f79030d245_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e626a343d3a7000515f990c5e44eb9d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

kernel32

OpenProcess
lstrlenA
lstrcmpiA
WriteProcessMemory
CloseHandle
CopyFileA
CreateToolhelp32Snapshot
ExitProcess
GlobalAlloc
Module32First
Module32Next
MoveFileA
MultiByteToWideChar
OpenFile
Process32First
Process32Next
ReadProcessMemory
RtlMoveMemory
RtlZeroMemory
SetFilePointer
VirtualProtectEx
VirtualQueryEx
WideCharToMultiByte
WriteFile

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE