061c3a9f2b5c014f5a7c395546df53c5_JaffaCakes118 | Triage

Sharing

General

Target

061c3a9f2b5c014f5a7c395546df53c5_JaffaCakes118
Size

4KB
MD5

061c3a9f2b5c014f5a7c395546df53c5
SHA1

e03722863076b86cd5daec3285f4be2fe383df61
SHA256

d9a214e7287125a8e0ed8224f5be19fbc5276033278c8219a2f7956d1370d6c7
SHA512

cfe321c6ffc7d967efbf64062c6fb88e5eb9eb1d50a7d917b7bf1518c12ab9871d9d95e3828f5b63970dbdfbcce0ed10d8dd346d496785e7e31246da6c29c439
SSDEEP

48:aDwXQveS5BNrPaKS0nCYJlBa/x1xAlMhQ4OEkpT1Z+ELRv8zP4oyl1Up0dn:5XmnS0nCYJlyUWYA6kP4oynU6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
061c3a9f2b5c014f5a7c395546df53c5_JaffaCakes118

Files

061c3a9f2b5c014f5a7c395546df53c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

041d665399223849a44e3ff661eb76eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
Process32Next
OpenProcess
CloseHandle
GetStartupInfoA
CreateToolhelp32Snapshot
GetModuleFileNameA

advapi32

OpenProcessToken
RegCreateKeyA
RegSetValueExA
RegCloseKey
CreateProcessAsUserA

msvcrt

_strupr
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE