425058d8b0cb0d5cebc4cd017d6169cb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

425058d8b0cb0d5cebc4cd017d6169cb_JaffaCakes118
Size

59KB
MD5

425058d8b0cb0d5cebc4cd017d6169cb
SHA1

45e9e70a268d7bdfd3725432d4c79960278962ca
SHA256

c4810daa9cd61c085fb2faa44306279560985e3a447ef0ad0714d1070b4c504f
SHA512

34963a48427f764f3162e0df3e0340d45ac53fb74996b109cd7ce0c00ba44ea12ffc3516544a50953fe89441262be471779c7eec0b1d1fc83d6d861366f005a9
SSDEEP

1536:eBOM3eaHt+wHRq+FNLNnmVAvXe8a8rnGaACqoR:mOMlcYr0VAve+RAd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
425058d8b0cb0d5cebc4cd017d6169cb_JaffaCakes118

Files

425058d8b0cb0d5cebc4cd017d6169cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

309f08ff082177aa51d7ff00190137f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_chkstk
strcat
_vsnprintf
isalpha
memset
strcpy
strstr
strlen
_stricmp
memcpy
RtlUnwind
NtQueryVirtualMemory

kernel32

GetVolumeInformationA
SetThreadAffinityMask
GetProcessAffinityMask
CreateFileA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetCurrentThread
GetProcessHeap
ExpandEnvironmentStringsA
GetWindowsDirectoryA
WriteFile
GetCommandLineA
OpenProcess
WideCharToMultiByte
Sleep
CreateEventA
CreateProcessA
TerminateProcess
GetSystemDirectoryA
GetLastError
SetLastError
GetProcAddress
GetLongPathNameA
LoadLibraryA
CreateFileMappingA
GetSystemInfo
GetModuleHandleA
CreateMutexA
GetVersionExA
CloseHandle
DeviceIoControl

advapi32

AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
OpenProcessToken

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE