1c740b9b07ae7c8c7f8335901fac3088_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c740b9b07ae7c8c7f8335901fac3088_JaffaCakes118
Size

30KB
MD5

1c740b9b07ae7c8c7f8335901fac3088
SHA1

27f64a5f67911dad3bb1245baa73574cec657e6a
SHA256

1716d82d61d0837ef0942a69818b8663b397f1d823008d3192b28f7501087ed3
SHA512

5e4de64b899fc759dc09ad88df846558da60a6f7e0068902f543d34504270cde7dd13c91d8c0562d0a36ab8aee38a8bd8f173d1cba4a55e52f7eba4c7fade0a4
SSDEEP

768:/vlLBdBVltSya/awwZzpfn1WjLc2IxHUw0mQMGy5:/vhB9blWabnv0jfmH3Gy5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c740b9b07ae7c8c7f8335901fac3088_JaffaCakes118

Files

1c740b9b07ae7c8c7f8335901fac3088_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2550fcc0100cc2c5b2926f743f0a9b5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__getreent
__main
_impure_ptr
atoi
calloc
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
getopt_long
kill
malloc
optarg
opterr
optind
optreset
perror
printf
puts
realloc
sprintf
strcmp
strrchr
strtol
strtoll

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
GetCurrentProcess
GetLastError
GetModuleHandleA
OpenProcess
TerminateProcess
WaitForSingleObject

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE