265f5e3d1945caae0c5fa02d1aa4a6f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

265f5e3d1945caae0c5fa02d1aa4a6f2_JaffaCakes118
Size

11KB
MD5

265f5e3d1945caae0c5fa02d1aa4a6f2
SHA1

9709cc9c4550955c1cb7b8a6dd1994652de79b66
SHA256

f9fbb7947ba74074f95b77e5e0036d7cc22bdc984c7e7a81ec4af58e07c0040a
SHA512

0f4f54e474dfc622c179921325eaa8271462e43190b9ef2d6990335bc388eff1b43b3920c88d15739d6c98c2f5d4816c18a64397dce64b1b019a96b61c20cc76
SSDEEP

192:foXiDPomvIbsnyuFaT3nH/iMtOJR07jwEWx+ojYhDvwOXFGIzrq6G9:wXiDomAwnhtRCeYhrwO1vzzI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
265f5e3d1945caae0c5fa02d1aa4a6f2_JaffaCakes118

Files

265f5e3d1945caae0c5fa02d1aa4a6f2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d6476a334ef278478dcb230eef476e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Администратор\Documents\Visual Studio 2008\Projects\MTR\Test2\Release\mtrsurs.pdb

Imports

kernel32

GetFileAttributesA
DeleteFileA
Sleep
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
WinExec
ExitProcess
GetVersionExA
CopyFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind

user32

SendMessageA
FindWindowA
PostMessageA
RegisterClassA
CreateWindowExA
ShowWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
KillTimer
GetKeyState
GetAsyncKeyState
CharLowerBuffA
DefWindowProcA

advapi32

OpenServiceA
DeleteService

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ