36ba2a8ddbb428380f6997f1f5b14fbf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36ba2a8ddbb428380f6997f1f5b14fbf_JaffaCakes118
Size

9KB
MD5

36ba2a8ddbb428380f6997f1f5b14fbf
SHA1

73fc3ed7312a2ce660c57b222a0376cc1c1e159c
SHA256

62727e1d1996e6ad500263e9cf9696ea6f811f79e6ecadd75a3d7d76f5e1406f
SHA512

2877c32d8d91045b34f8f14acbd1615314d39a4ae2d7dc391bf1fad871e69182826c83854dc690078755a2698a83fb566d98abe75ebb163e037d0c91e907fa15
SSDEEP

192:2IJv6nHjVI3M+VK8Sm5WkyWXnQn2/l0nI6xW4ZRtQX2T:j2+M+VK8S/kyWl0jxW4CX2T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36ba2a8ddbb428380f6997f1f5b14fbf_JaffaCakes118

Files

36ba2a8ddbb428380f6997f1f5b14fbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75428e6e0f25e65381110d7e9bc38651

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
WinExec
GetLocalTime
CopyFileA
lstrcmpA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
CreateMutexA
GetCurrentProcess
CreateRemoteThread
GetCurrentProcessId
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
GetLastError
CloseHandle
ExitProcess
GetCurrentThreadId
lstrlenA
CreateThread
GetComputerNameA
lstrcpyA
GetSystemInfo
Sleep
GlobalMemoryStatus
OpenProcess

user32

PostThreadMessageA
GetMessageA
GetCursorPos
GetInputState
ExitWindowsEx

advapi32

GetUserNameA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegCreateKeyA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExA

ws2_32

gethostname
WSACleanup
recv
WSAStartup
inet_addr
htons
gethostbyname
socket
connect
send
WSAGetLastError

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

msvcrt

printf
strstr
sprintf
atoi
free
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
fopen
malloc

Sections

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE