0ada442ee079a305251f18004955ebeb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ada442ee079a305251f18004955ebeb_JaffaCakes118
Size

3KB
MD5

0ada442ee079a305251f18004955ebeb
SHA1

82ca4b8718aac4ff79c2a6ba77bbf6df27719318
SHA256

c7a0fa9e1fd2cb7402b614d937493b77d56877fcdb38e0d0fb93aa52dbe3dc0e
SHA512

e2bd2ce3f25bccffdb6856b6cd7998e63667e4ad1c1511a5d8a7458f45646574c1cc79b3ec16b050a44740108a8c26f3590cd49d1597dcccbfdd3354eaa2c559

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ada442ee079a305251f18004955ebeb_JaffaCakes118

Files

0ada442ee079a305251f18004955ebeb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66eead2284397e54cbb8a67f84fe024a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
DeleteFileA
lstrcpyA
lstrcatA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
ReadProcessMemory
GetThreadContext
CreateProcessA
TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
lstrcmpiA
GetModuleFileNameA
ExitProcess
GetCurrentProcess

user32

MessageBoxA

urlmon

URLDownloadToFileA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE