35a44035d39f8498a05495a09ede5ca8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35a44035d39f8498a05495a09ede5ca8_JaffaCakes118
Size

6KB
MD5

35a44035d39f8498a05495a09ede5ca8
SHA1

ea859f7649291fa8174a0aeaa84fac73a0ac30c8
SHA256

2f7fca0f85919b9cf0c4b7d7d6a38606025a883033876beb54fee13602473db7
SHA512

c73e73a24b4b1b263296735d975b1397e643a05821d6f6c74417ecda54c7a3ae5746b1201cc0fa934ac093998078a3cef6451aacd02bbe873ff37e9f19f8fd42
SSDEEP

96:rX3nTcuPtlSj+zdU3D2H4G+5jpL71VZKNc0lb7sd7:LTblEjqUyH4/FLWcib7sd7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35a44035d39f8498a05495a09ede5ca8_JaffaCakes118

Files

35a44035d39f8498a05495a09ede5ca8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

580a565a6f03e182cd4e0155d7511148

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
RemoveDirectoryA
MoveFileA
DeleteFileA
GetModuleFileNameA
Sleep
CloseHandle
CreateThread
GetProcAddress
GetModuleHandleA
ContinueDebugEvent
WaitForDebugEvent
OpenProcess
DebugActiveProcess
WaitForSingleObject
CreateProcessA
ReadProcessMemory
ResumeThread
WriteProcessMemory
CreateDirectoryA
GetCurrentProcessId
GetTempFileNameA

user32

DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA

Sections

.init
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE