3e2b3ae94fe03c3a6deb18cbafc91e1e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e2b3ae94fe03c3a6deb18cbafc91e1e_JaffaCakes118
Size

82KB
MD5

3e2b3ae94fe03c3a6deb18cbafc91e1e
SHA1

a4b81ee2e1a88eee101a48f66c02175e4c932fe0
SHA256

de437c680ab2855c23f5c4a037ff7d4ae125b61967739663c05cc7cef295c410
SHA512

574c71783796d587b088c40570a3d7a4283f12da0d759507c92d7262a459aeb18d5d4fb7ea254a98e07bb348e091aec10fbe280332c16a9a034fcaadba061257
SSDEEP

1536:5UZOWfVj1OvFMhxLrmgsbeyAu1JD7Q0FqtW3eUESLdFKs3:5UFtjIvOh3KZMyyWpESL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e2b3ae94fe03c3a6deb18cbafc91e1e_JaffaCakes118

Files

3e2b3ae94fe03c3a6deb18cbafc91e1e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3efd9b9f47efbf96458bf7aa9aa4fc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
SetCurrentDirectoryA
DeleteFileA
GetVolumeInformationA
lstrcmpiA
lstrcpyA
lstrcatA
GetVersion
lstrlenA
ExitProcess
WideCharToMultiByte
GetModuleFileNameA
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetTickCount
SetFileAttributesA
GetTempPathA
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
LoadLibraryA
LocalFree
LocalAlloc
CreateMutexA
GetProcAddress

user32

wsprintfA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserA
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
InitializeSid
GetSidLengthRequired
OpenProcessToken
DuplicateTokenEx
GetUserNameA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE