21eb79f6af8c43a9a721750965e34ae9_JaffaCakes118 | Triage

Sharing

General

Target

21eb79f6af8c43a9a721750965e34ae9_JaffaCakes118
Size

27KB
MD5

21eb79f6af8c43a9a721750965e34ae9
SHA1

1c93edff294cba8d92ad17a5985bb027d40dd4ba
SHA256

250409ad1e344d76d042b88483fadc60d01f3cc41bf0f4db0beccd3129beccd3
SHA512

822b6d8e885c183b6a113fee7ce75c3b7ef38734615fdcb4f6bf6f716d74c4f389ae28bcf5522e9054a972ed77575820b868b3715997313f64186d954427ee6f
SSDEEP

768:NqoEQfen6Ly3noeQuRwZDey00WBGkxWaf4raXCZ:NiQfenZ3oejwZDe/hQ2Wagv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21eb79f6af8c43a9a721750965e34ae9_JaffaCakes118

Files

21eb79f6af8c43a9a721750965e34ae9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8b1d1e719212c4f5dbb4d5f32ff945de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
Thread32Next
Thread32First
OpenProcess
VirtualAlloc
VirtualFree
LoadLibraryA
ExitProcess
GetCurrentThreadId
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CreateThread
GetLocalTime
GetModuleHandleA
WriteFile
CopyFileA
DeleteFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
TerminateProcess
CreateEventA
OpenEventA
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
Sleep
GetCurrentProcess
GetProcAddress
CloseHandle
GetStringTypeW

user32

GetInputState
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EnumThreadWindows
GetClassNameA
GetWindow
FindWindowA
PostMessageA
GetWindowTextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RwDat
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE