Static task: static1
Behavioral task: behavioral1
Sample: 2d9157f68a5e26c02f44ae9b1cefc80b_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2d9157f68a5e26c02f44ae9b1cefc80b_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2d9157f68a5e26c02f44ae9b1cefc80b_JaffaCakes118
Size: 6KB
MD5: 2d9157f68a5e26c02f44ae9b1cefc80b
SHA1: ce3ffa45308ed49b431fecfaf1487c87a512ff37
SHA256: 1d6e7d0e16d3e6afeb12fefe8fdb66d83ebea1014e83ed5746051b2bc848dabc
SHA512: e99a617bf1c0734f6a04a2dcf1a56e8c740ec9ac741cff48be653cb64f83d2291e6a3bcf845dedbfd1a625f7ec090e016e507d1a17a90b5f81782431f27e37e9
SSDEEP: 96:3bIWm7+VaqdNVg/NsVR+CTahW3/M220cZMrQH2TYedMqay:3UWhxN2NsVR+CTaq//20cZAQH2TYedB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d9157f68a5e26c02f44ae9b1cefc80b_JaffaCakes118
Files
2d9157f68a5e26c02f44ae9b1cefc80b_JaffaCakes118.exe windows:4 windows x86 arch:x86
3dcea16301f0cdf543bc58e572c169f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
CreateFileA
CloseHandle
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
GetCurrentProcess
CreateRemoteThread
OpenProcess
LoadLibraryA
GetLastError
GetProcessHeap
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
DeleteFileA
GetTempFileNameA
GetTempPathA
GetTickCount
Sleep
ExitProcess
lstrlenA
VirtualAlloc
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
wininet
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE