3f542b284966cc988832a6882a261b14_JaffaCakes118 | Triage

Sharing

General

Target

3f542b284966cc988832a6882a261b14_JaffaCakes118
Size

2KB
MD5

3f542b284966cc988832a6882a261b14
SHA1

29b1402fb8ee68a984ce4c76a068f7a56ae659a1
SHA256

287d7727af8217945a3bbd7da79a1c312acdd87ba9d071e25e86c971927fe9fc
SHA512

faf90a1ed6d5fcd55cbab7a0ad16c0ea10a876d70d7fdf573aab46cf43c81bb67f6d25051ae3f11fcbc8fc9c01bf8f8ca475bbf938b7a1046e730736d06d5cf5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f542b284966cc988832a6882a261b14_JaffaCakes118

Files

3f542b284966cc988832a6882a261b14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fd75817e88bc985535ca2b23c86ca86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetTempPathA
CreateFileA
GetModuleFileNameA
GetModuleHandleA
ReadFile
OpenProcess
GetLastError
GetCurrentProcess
GetCurrentThread
lstrcatA
WriteFile
CloseHandle
TerminateProcess
WinExec

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken

shell32

ShellExecuteA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE