0dd54c18a7391e3416b66b881e2dfebf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dd54c18a7391e3416b66b881e2dfebf_JaffaCakes118
Size

10KB
MD5

0dd54c18a7391e3416b66b881e2dfebf
SHA1

b2e6355b81599b7969c8a0bf63ff4d76e25baef1
SHA256

8d37ecb67bcaf818278cc7db9cf0851181e7891f877948b8337abbea1f9c1272
SHA512

50f0618e1a56a4f6f0f181e0072e56c5fe0bab610d8ffb2705e595934d120c917e3630e066405031b7a71786919c0f027e2c9d56f2f69bd8b6efdfbc80b498d7
SSDEEP

192:aSEgcelEWoWfC8TKbL3UhRCWPJ21t/jYP1v01VvhbmdoNgu:eLlWO8dhRCW01tb+v01Vvhbm+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dd54c18a7391e3416b66b881e2dfebf_JaffaCakes118

Files

0dd54c18a7391e3416b66b881e2dfebf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

33a8caf2c1970a6597b4363149a10a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
DeleteFileA
CopyFileA
WriteFile
GetDriveTypeA
GetPrivateProfileIntA
Sleep
WaitForSingleObject
ExitProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileStringA
GetWindowsDirectoryA
WinExec
FindFirstFileA
FindClose
FindNextFileA
GetCurrentProcess

user32

FindWindowA
GetWindowThreadProcessId

advapi32

RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyA
OpenProcessToken

urlmon

URLDownloadToFileA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ