f0e3b71818126384e1f3474015d685f2_JaffaCakes118 | Triage

Sharing

General

Target

f0e3b71818126384e1f3474015d685f2_JaffaCakes118
Size

24KB
MD5

f0e3b71818126384e1f3474015d685f2
SHA1

dd74d3972c6c470e6d0d820db6b37c1aea165e0e
SHA256

86411aee3b4c3302b769997db537f59cb4eb8dd78560490a4e1e226a83d8fd9a
SHA512

57c7c51aa21903d3e8c1b390e88ba7e7636cf0c8cf9860af8c15ca037338d5521277563f19710d6e96440a2b695bdc3e60eeef2e9ebdd4292bd6ed9c710e2caa
SSDEEP

384:uK4KQbhaKL9MrgjbkJTVrn8QG6IWUlA6v:u9lMUj4JRrn8QG64ld

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0e3b71818126384e1f3474015d685f2_JaffaCakes118

Files

f0e3b71818126384e1f3474015d685f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8998a4facbadea9f1f39b61bdcc0aeb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Sleep
DeleteFileA
lstrcpyA
lstrcatA
GetCurrentProcess
GetFileTime
WinExec
SetFileAttributesA
GetModuleHandleW
GetProcAddress
CloseHandle
ExitProcess
GetModuleHandleA
GetCommandLineA
CreateEventA
SetEvent
GetLastError
WriteFile
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
CreateFileA
GetFileAttributesA
GetTempPathA
CompareStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualAlloc
HeapReAlloc

user32

CharToOemA
MessageBoxA
ExitWindowsEx
wsprintfA
IsWindow

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE