Static task
static1
Behavioral task
behavioral1
Sample
02f3a1bd1281ee21e9a4901e8bdd2c1f_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
02f3a1bd1281ee21e9a4901e8bdd2c1f_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
02f3a1bd1281ee21e9a4901e8bdd2c1f_JaffaCakes118
Size
5KB
MD5
02f3a1bd1281ee21e9a4901e8bdd2c1f
SHA1
9d04534361b097f958f53698bfe667627dce3602
SHA256
639cb8f8fccac65e13b80f65a3e67f5239659f4bbde8e826473e3235e210e29b
SHA512
3f93937dee4ea05b85a8285c67a9daf27955888f1048924f56e846840a168484e0d0eab43fab39b1dde1d490982661b0357ce642086dfa4764beef44783cea10
SSDEEP
48:S6X6cF4y8Fo0bAeC3hl3RTJSEZbEoGJNIjrBomlj81mwolJIR7itD7vNaka/l:MryWCHhTYE4eBG1w47moka/l
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 02f3a1bd1281ee21e9a4901e8bdd2c1f_JaffaCakes118
Files
02f3a1bd1281ee21e9a4901e8bdd2c1f_JaffaCakes118.exe windows:4 windows x86 arch:x86
be3c8f368e9b7d14a689ad6a0af52cc3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAllocEx
GetModuleHandleA
CreateProcessA
CreateThread
LoadLibraryA
OpenProcess
WriteProcessMemory
lstrcatA
GetModuleFileNameA
GetSystemDirectoryA
GetCurrentProcess
Process32Next
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
CloseHandle
lstrcmpiA
CopyFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
advapi32
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
ws2_32
htonl
WSASocketA
WSAStartup
bind
listen
accept
htons
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ