058d423645eaed3dab3b9ecb802a6664_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

058d423645eaed3dab3b9ecb802a6664_JaffaCakes118
Size

216KB
MD5

058d423645eaed3dab3b9ecb802a6664
SHA1

05837d97f9388cd7d0adee441cd43ec78a37283b
SHA256

d4361c0cc64335492f86c6b4543e8bcb3d9a6033d2a63e221edc47bf8c197e06
SHA512

f0f8a99c258d9be80ea91c91d746b2d7a33837923238c17d94d05dc77e7388b7e4748017e3f46cca791cb32f93db5f8da0aae600bc46611c6a7d838c87d5045f
SSDEEP

3072:y+a0tNuBp/YIDqobOlqVLBBjAg79G1T65ZF8p5uGvPEDRRQLUMPZU2GdH8CN9uiZ:y/0tNuBSID4AVdVAWF8p5u2ECPZzCN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
058d423645eaed3dab3b9ecb802a6664_JaffaCakes118

Files

058d423645eaed3dab3b9ecb802a6664_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12d668dcf01daa7da507d33d0f6ca64d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
CreateFileA
LoadResource
FindResourceA
SetFileAttributesA
WriteFile
GetSystemDirectoryA
GetVersionExA
Sleep
WinExec
GetModuleFileNameA
Module32First
Module32Next
OpenProcess
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetCurrentProcess
GetLastError
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
lstrcatA
CloseHandle

user32

IsWindowVisible
GetWindowThreadProcessId
SendMessageA
EnumWindows
wsprintfA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AbortSystemShutdownA
LookupPrivilegeValueA

msvcrt

_except_handler3

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ