ff3ea13b90df117a2918195361a80b29_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff3ea13b90df117a2918195361a80b29_JaffaCakes118
Size

10KB
MD5

ff3ea13b90df117a2918195361a80b29
SHA1

d6e21edecbf71a5138f34b5806df1e5d7ab21ff3
SHA256

14cb3aa810bceed0b14a2ab949bcc2304cebe500cf6404adde849f6bae600305
SHA512

ebb149d403dc4061c3a60011163d03d5139bd9b2e705ac7ef3df248a7fa0b6a9255463c3fe92d060490b3930e10c495c6ef4193f991f493de41c355d0316cc43
SSDEEP

192:+OnKQHMrjiRr0DR0xTgQsEB+E9ASjqvDcXTvYIA:+OhqjitKRIs4+7x6TvYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff3ea13b90df117a2918195361a80b29_JaffaCakes118

Files

ff3ea13b90df117a2918195361a80b29_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7899df8ab717ea98c576487da7c95ec3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FindFirstChangeNotificationA
FindFirstFileExA
FreeEnvironmentStringsW
GetBinaryType
GetNamedPipeInfo
GetVersionExA
GlobalMemoryStatus
IsValidLocale
PulseEvent
SetSystemTimeAdjustment
SetThreadContext
Toolhelp32ReadProcessMemory
VirtualProtect
lstrcmpi

advapi32

AdjustTokenPrivileges
BuildImpersonateExplicitAccessWithNameA
CancelOverlappedAccess
CryptGetKeyParam
DuplicateToken
GetNamedSecurityInfoExA
GetSecurityInfo
InitializeSecurityDescriptor
NotifyChangeEventLog
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmA
OpenProcessToken
RegGetKeySecurity
RegSetValueA
ReportEventA
SetEntriesInAuditListW
SetSecurityDescriptorSacl

user32

CallMsgFilter
CharUpperW
DdeCreateDataHandle
GetClipCursor
GetGUIThreadInfo
InsertMenuW
IsWindowUnicode
RegisterClipboardFormatW
RegisterSystemThread
RemovePropW
SetDoubleClickTime

Sections

.text
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE