1482780d566fe746ac1e804b79387ff0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1482780d566fe746ac1e804b79387ff0_JaffaCakes118
Size

58KB
MD5

1482780d566fe746ac1e804b79387ff0
SHA1

1842bf2a9d9678e2b1602e8ed2a2628563a2548b
SHA256

3aab61fa7f23132e33d99517ec38bde1042cc22b16699e2ee0cf4db5715c4183
SHA512

33e1632a3c6427494aac17ec644a4812c0937c486fb58cfe3ea8147645d152047174ae4cd8695ef3d3f8f55ed5b81f5d104b035bdb5b2c838210cc04a9ad3292
SSDEEP

1536:A0H6QjY2fuZC5Z050XRcg5mWAldEzMNWySSQWa:AolBfT5AldhNWeQv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1482780d566fe746ac1e804b79387ff0_JaffaCakes118

Files

1482780d566fe746ac1e804b79387ff0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76ded81cc854685cc5a181d597e05d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
GetProcessHeap
GetModuleHandleA
SetFileAttributesA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
GetProcAddress
GetModuleHandleW
VirtualAllocEx
OpenProcess
GetCurrentProcessId
ReadFile
lstrcpyA
CreateFileA
WriteFile
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
GetCurrentProcess
CompareStringA
lstrlenA
CreateProcessA
lstrcatA
GetSystemDirectoryA
SetFilePointer
GetFileAttributesA

user32

wsprintfA

gdi32

GetStockObject

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ