048a75f2fd72d534fbae2cedc2832b98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

048a75f2fd72d534fbae2cedc2832b98_JaffaCakes118
Size

20KB
MD5

048a75f2fd72d534fbae2cedc2832b98
SHA1

f544c85904adddd3d836d3a9c9cffb6b6029b14c
SHA256

1dc3ad5550d4fc8a349243b77dea47ec06f6356cbfd096ca078740083516d171
SHA512

7603b6e3f421011f6da04b77c8b96ee9bba65e73631f4df7eadf29f6e025a1de098c2f1de1fbe76333124a4e14338d9a664ab067e03882ed8e16c710e72cf0e3
SSDEEP

384:4quxDZdhOt9MW/8AoWZPyehqeQ7CZWm2txHKaWKDEWT:apZdhOt92AbzmLjzR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
048a75f2fd72d534fbae2cedc2832b98_JaffaCakes118

Files

048a75f2fd72d534fbae2cedc2832b98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9fea3de9773bdfd6311986e6a527827f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
WinExec
GetModuleFileNameA
GetWindowsDirectoryA
WriteFile
GetProcAddress
LoadLibraryA
CreateFileA
GetTickCount
GetTempPathA
GetSystemDirectoryA
Sleep
GetPrivateProfileStringA
lstrcatA
DeleteFileA
DuplicateHandle
GetCurrentProcess
FreeLibrary
CloseHandle

user32

wsprintfA
MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt

atoi
_stricmp
_except_handler3
strrchr
_itoa

netapi32

Netbios

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ