3f659125f5a6dfed720ce70935d65ade_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f659125f5a6dfed720ce70935d65ade_JaffaCakes118
Size

8KB
MD5

3f659125f5a6dfed720ce70935d65ade
SHA1

dd097132b00c146df4c0425879bae5d444b8a843
SHA256

e570bdac40604f0e348e948d32da32c9f12ab766f59b69eb62b3f56a98a5ee0c
SHA512

d9cdc4b115d667001d39f3eeade4769953295dbb6f6647b9c8181ca080d1ee608804eed0a10b6584e8a57e3c844ea4a6f548657a08b56273f6af3c1d691fd749
SSDEEP

192:wiaGYzskgzRVPkI3SAYIhyUUwJIw0t3NZbA:UGYQkgzPHyfwJIw0t3NZb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f659125f5a6dfed720ce70935d65ade_JaffaCakes118

Files

3f659125f5a6dfed720ce70935d65ade_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50729caa73a21b1c65f50dfd5f67b3ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetWindowsDirectoryA
GetLocalTime
SetFileAttributesA
GetProcAddress
LoadLibraryA
CreateRemoteThread
WriteProcessMemory
WriteFile
GetModuleHandleA
OpenProcess
Sleep
CopyFileA
DeleteFileA
CreateDirectoryA
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
CloseHandle
WinExec
VirtualAllocEx
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

GetWindowThreadProcessId
wsprintfA
FindWindowA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ