4028c2c59de5c2214290831b415e6a34_JaffaCakes118 | Triage

Sharing

General

Target

4028c2c59de5c2214290831b415e6a34_JaffaCakes118
Size

4KB
MD5

4028c2c59de5c2214290831b415e6a34
SHA1

94e5955fb7b2d7e5b4c107dd340c8394fb5df680
SHA256

ca2075b2bbbf5abf13c017d45b47693a33ff9d7a18ff8fb66aea93dd04017534
SHA512

6de5778bcd55a7986e76a5eb31540189eef1433a2af950fa4afb4c889a12b74cefc1ee81822fbdaab52274aa9fe67bd8666ab5fd3e7f9e0fee131bcf0a0df5a5
SSDEEP

48:iCcT3mMyc/Lp0Zp5YTeyBXcE2zy/5Fu4Q5hI9QokUnZYYeflbzdjB4GfKj0pYtHM:BqGYTdXc/zy/K9wY7lb5jBDfKjtZKio

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4028c2c59de5c2214290831b415e6a34_JaffaCakes118

Files

4028c2c59de5c2214290831b415e6a34_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cdcd85decbca986e2222774d3f0f65c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcmpA
Process32First
CreateToolhelp32Snapshot
GetPrivateProfileStringA
Process32Next
VirtualFreeEx
GetProcAddress
lstrcatA
GetEnvironmentVariableA
GetCurrentProcess
CloseHandle
GetModuleHandleA
lstrlenA

user32

ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DestroyWindow
PostQuitMessage
DefWindowProcA
UpdateWindow

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE