0bfb86a7d08432dfe07f2614bcaa9e42_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bfb86a7d08432dfe07f2614bcaa9e42_JaffaCakes118
Size

8KB
MD5

0bfb86a7d08432dfe07f2614bcaa9e42
SHA1

e7adaa1db6e48dcf85aba26522ad78515321a42f
SHA256

cb2c80681ae2074756a37c12af9a6ca05135ccbbc7a343a034a9a0eec3ec602e
SHA512

282647b6531a458ef0590c7af6ea316ad4cd5fea4dcc9c47f4f53cc6cacd10a193e4d676cd5b39ead0b4df3b59a7bb7b84553c900f61bfc59a801be647f12136
SSDEEP

192:+CwTWrqO0Xr8ezFblS2imwVrHTCwEOvenF:gSrqOMvOmwV7TC9Ove

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bfb86a7d08432dfe07f2614bcaa9e42_JaffaCakes118

Files

0bfb86a7d08432dfe07f2614bcaa9e42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

41082a1a10daffea88c13603c9756ad2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowThreadProcessId
MessageBoxA
FindWindowA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
MsgWaitForMultipleObjects

kernel32

GetStartupInfoA
CreateProcessA
WaitForSingleObject
HeapFree
OpenProcess
GetModuleHandleA
VirtualFreeEx
RtlMoveMemory
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GetProcessHeap
ExitProcess
HeapAlloc

shell32

SHGetSpecialFolderPathA

urlmon

URLDownloadToFileA

ntdll

RtlAdjustPrivilege

msvcrt

modf
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
sprintf
_ftol

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE