0fab1ab9723ba92a6e3664f193362afe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fab1ab9723ba92a6e3664f193362afe_JaffaCakes118
Size

21KB
MD5

0fab1ab9723ba92a6e3664f193362afe
SHA1

43a54e205a93bc0990c26b9816b2589a551ac65f
SHA256

f54f7ef1067147988980a717189a208e0de4c5a528db5147d9995ac3093cbc70
SHA512

d1e962ec67ba8d461d339f1cbf90146c4d7412e1a752ae60c9d8a14487120ef1e94cabdbe52bcd3cb6d1ac21fbd29c35b6abaa37345b8fd592a01419ff450b23
SSDEEP

384:kiLDLGXrKzpllHiFEh801dvGp/Sn7YC1n+oI1FnulQycoHW:PLp1PiF3p47xnrl8R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fab1ab9723ba92a6e3664f193362afe_JaffaCakes118

Files

0fab1ab9723ba92a6e3664f193362afe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ec79fd8b244642a3a7ab96fe5c1fa410

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetFileTime
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleA
GetProcessHeap
ResumeThread
GetPriorityClass
OpenProcess
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
GetProcAddress
FreeLibrary
GetVersionExA
GlobalMemoryStatus
CloseHandle

user32

CharLowerA

advapi32.dll.

OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ