fe46752af6c1ffcd80c5de7479583a51_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe46752af6c1ffcd80c5de7479583a51_JaffaCakes118
Size

51KB
MD5

fe46752af6c1ffcd80c5de7479583a51
SHA1

2a08f1bc155cbe0945ef9897322aabb18385f412
SHA256

3088669d7a27d0ea3fc1dcb01b7ff3bcdb651972b51dcf0134ac0c941230cdea
SHA512

0728f146727d79e2a0bd7dfd71fa148e2e7890a5de33b5f90470c94fee3eff7976dd5bf27b79b355392a8816e74d35931755df1eba6bc952555e032c56ca7992
SSDEEP

768:3KSX8wjxJfWHVWr0h4bqtncS5PZrrx2l0amOe/QuaD7PPTDZLXufm3Xfg9i+j3S7:6SX8ZHc0vcSAGamB/Q/xXyDiGPFe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe46752af6c1ffcd80c5de7479583a51_JaffaCakes118

Files

fe46752af6c1ffcd80c5de7479583a51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce8ef1892d46d7859e77c8be22df9517

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
DuplicateHandle
VirtualAlloc
VirtualFree
OpenProcess
GetCurrentProcess
lstrlenA
GlobalFree
lstrcpyA
GlobalAlloc
ReadFile
GetFileSize
CreateFileA
CreateToolhelp32Snapshot
lstrcatA
GetModuleFileNameA
MoveFileA
GetTempFileNameA
GetTempPathA
GetEnvironmentVariableA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetSystemDirectoryA
ExitProcess
TerminateProcess
Process32First
Process32Next
WriteFile
lstrcmpiA

user32

CharUpperW
wsprintfA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

StrChrA
ShellExecuteA

ntdll

_wcsnicmp
NtQueryObject
NtQuerySystemInformation
memset
RtlUnwind

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE