1af8ffac97620ed5b95596de81792761_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1af8ffac97620ed5b95596de81792761_JaffaCakes118
Size

8KB
MD5

1af8ffac97620ed5b95596de81792761
SHA1

35cc85f4eb5788b344d2e9478f6371b61959ab53
SHA256

30ab2f2a9773a882ce4a27dcea058b2644813f47a07694b59014d2de030cfbaf
SHA512

b102f5379425af462130f625951c598d8dbd3e5034610fcde0c60bdcf9fa761a85ca4b2464fb677b297857890eff4cf5a24e1a7b03318913b5d3d80494e3bdb8
SSDEEP

192:WzfR7Z8EB5Jdefm/cGD7fksbWJeAafRepHl3KwCv:ip7qEBPdee/c8xbWJbapef3Kw6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1af8ffac97620ed5b95596de81792761_JaffaCakes118

Files

1af8ffac97620ed5b95596de81792761_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb7115b81d603307e13ca914d9132ff7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryObject
ZwLoadDriver
memset
wcsstr
RtlFreeUnicodeString
RtlInitAnsiString
strstr
strlen
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
vsprintf
memcpy

psapi

EnumProcesses
GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

ws2_32

socket
closesocket
send
htons
htonl
WSAStartup
connect

kernel32

lstrcpyA
DeleteFileA
lstrcpyW
CloseHandle
DuplicateHandle
GetModuleHandleA
GetModuleFileNameA
FindClose
EnterCriticalSection
CopyFileA
VirtualAlloc
GetLastError
FindFirstFileA
GetFileSizeEx
CreateFileA
GetCurrentProcess
VirtualFree
GetWindowsDirectoryA
WriteFile
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
lstrcatA
LeaveCriticalSection
ReadFile
Sleep

user32

CharLowerW

advapi32

RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
OpenSCManagerA
LookupPrivilegeValueA
RegQueryValueExA
RegSetValueExA
EnumServicesStatusA
OpenProcessToken
CloseServiceHandle

ole32

CoCreateGuid

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE