2431ac12a132145ffb8cb6b7dbdff794_JaffaCakes118 | Triage

Sharing

General

Target

2431ac12a132145ffb8cb6b7dbdff794_JaffaCakes118
Size

5KB
MD5

2431ac12a132145ffb8cb6b7dbdff794
SHA1

42be4348a7b5beaad3ea807a7692b20829701201
SHA256

f2978a3e0ac5030f1485b8e21774a11a23a308be1ced05a60fa6ca4854a87583
SHA512

dd93a91aa473564f07646f62c485ca46c2455edc91c884654325c74fc5d3df200f49fc505511eb19b40db069444f2181a56960db5959f12b246e160007007f75
SSDEEP

96:LYWnBfWRRAp1cbNe5rSA6PQqbhyZKEV/7no:EW1Wzo66rSVQshyUEpno

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2431ac12a132145ffb8cb6b7dbdff794_JaffaCakes118

Files

2431ac12a132145ffb8cb6b7dbdff794_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18b9d5b7c656f95ef3821a2ed9bb1ead

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
CreateRemoteThread
GetProcAddress
Process32Next
WriteProcessMemory
VirtualAllocEx
lstrlenA
OpenProcess
Sleep
GetModuleFileNameA
GetModuleHandleA
GetFileAttributesA
ExitProcess
TerminateProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind
GetStringTypeA
GetStringTypeW

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ