Static task
static1
Behavioral task
behavioral1
Sample
2ebea5770f4147e7da10f8cc20ae6bd2_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2ebea5770f4147e7da10f8cc20ae6bd2_JaffaCakes118.exe
Resource
win10v2004-20240708-en
General
Target
2ebea5770f4147e7da10f8cc20ae6bd2_JaffaCakes118
Size
4KB
MD5
2ebea5770f4147e7da10f8cc20ae6bd2
SHA1
3a82c44fa08264df710acf5bc7e277f5af0a13de
SHA256
2ebc9f24c1826b254d4ae6d5ffea1b69dbca77a6eadf28f6bc13bdab14d2a0ff
SHA512
1b0adba72e9cb0f2dd5939fbbf87168a83dbd598a790f7b2ce861c51db1b0749a93a3192cd0cfeb57fe793158fabdfb02babb845fbf7c480c31405059ae40926
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2ebea5770f4147e7da10f8cc20ae6bd2_JaffaCakes118
Files
2ebea5770f4147e7da10f8cc20ae6bd2_JaffaCakes118.exe windows:4 windows x86 arch:x86
8947d82487f1ba0ebae85c6508a6caf7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
GetVersion
LoadLibraryA
ExitProcess
Process32First
Process32Next
Sleep
VirtualAllocEx
WriteFile
lstrcmpiA
lstrlenA
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateProcessA
CreateFileA
OpenProcess
CloseHandle
user32
wsprintfA
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 902B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE