f886e33aaf55a02c1217324c61b23fc3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f886e33aaf55a02c1217324c61b23fc3_JaffaCakes118
Size

7KB
MD5

f886e33aaf55a02c1217324c61b23fc3
SHA1

c996f9ac404eaf4e2a6cb11a0035251449ec9c79
SHA256

7a43376668ad32db93aa6b478e2a6944b9fe17a764d866e1c8c4207c7744b97c
SHA512

7e9972dae8d896b1e7643f3726ac6c174b1e5dce28aad47346972d0d13700d11134c80efe424507da3e18fe7c4564b00c6d53386e9a6d9847b88dcdff316f809
SSDEEP

96:LEGIOKVqdu1/FrQ4C9kUxzM3BuCFJ3UKSjaRCNCgxJAd1oE1490c7/K4Tywv/vc:pI/itJGBr2KS8Cn7Ad1HI77+wv/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f886e33aaf55a02c1217324c61b23fc3_JaffaCakes118

Files

f886e33aaf55a02c1217324c61b23fc3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b74fa951f0503ed4d50e693eb69c68a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
lstrcatA
CloseHandle
lstrcpyA
GetCurrentThreadId
GetProcAddress
VirtualQuery
InterlockedExchange
ExitProcess
CreateEventA
LoadLibraryA
CompareStringA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
GetProcessHeap

user32

DestroyWindow
CloseWindow

advapi32

RegCloseKey

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE