07c3cd67bc3a6df2e3fc94106a1227dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07c3cd67bc3a6df2e3fc94106a1227dd_JaffaCakes118
Size

14KB
MD5

07c3cd67bc3a6df2e3fc94106a1227dd
SHA1

e799ed100fc37de62f42aa1be415ee220ade5aad
SHA256

b73d0ef9f34410019a92b37ded9cf16a514064edb8e141affe016457db247df2
SHA512

1fc8704229cb2c6c8cb1f98d6ad73ec0f62da5998c89d60e5fdb60c2ffc53ae5d421ad08763aebe20ade99b82c86d95fc7ee7991cabec29852e80c32b3eacc34
SSDEEP

192:cJ8zfPHG80kla6j3ALaXXaPYoiky3LLnd+aJ6XUXnkg0elMTTwq:3f+sH0LnJTy3Lwtmnkg0eynF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07c3cd67bc3a6df2e3fc94106a1227dd_JaffaCakes118

Files

07c3cd67bc3a6df2e3fc94106a1227dd_JaffaCakes118
.exe windows:1 windows x86 arch:x86

54494fa10e3babc3fb41509ec36143a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFile
Thread32Next
lstrcmpiA
WriteFile
OpenProcess
ExitProcess
VirtualAlloc
GetCurrentThreadId
DuplicateHandle
VirtualFree
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
CreateFileA
Sleep
ReadFile
DeleteFileA
lstrcpy
LoadLibraryExA
GetSystemDirectoryA
OpenThread
lstrcat
CloseHandle

ntdll

NtQuerySystemInformation
NtCreateSection
NtConnectPort
NtQueryObject
NtQueueApcThread
RtlAdjustPrivilege

msvcrt

wcsstr
wcslen
_strnicmp

Sections

.code
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE