40147330d6a5f3ee1845d4fd45675314_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40147330d6a5f3ee1845d4fd45675314_JaffaCakes118
Size

148KB
MD5

40147330d6a5f3ee1845d4fd45675314
SHA1

d69cb1fe28fb88da83ba5c0547d5a51ae7ca085a
SHA256

c07d70d505bfbc3690b58756d9e5a5bc7793c14abef19639098ef9db61d736f4
SHA512

c718b2d9c4ac5ee92b67aa6be03aba62166c6af549b5a49f72b5731aabb3cac4baaa5680c0e165354dd727747b2659ac48b7a1997a632ec8a8adc6be77dc5b31
SSDEEP

192:xk+VQtUVMpTHsT8IXTf9IRJR7d9U8AoprzznC/bYWLzGD+X00xgxmpKkKcSepuM:ClsSYTfmVU8AMz2/bl3GQxtpKbcSeEM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40147330d6a5f3ee1845d4fd45675314_JaffaCakes118

Files

40147330d6a5f3ee1845d4fd45675314_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbeb01bdcd3a66e257480e667e429506

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
ExitThread
GetCurrentProcessId
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GetTempPathA
LoadLibraryExA
MapViewOfFileEx
MoveFileA
OpenMutexA
OpenProcess
OutputDebugStringA
Process32First
CreateToolhelp32Snapshot
Sleep
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualProtectEx
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
CreateThread
CreateRemoteThread
CreateProcessA
CreateFileMappingA
CreateFileA
CopyFileA
Process32Next
CloseHandle

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegEnumValueA

shell32

ShellExecuteA

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE