45265b9acb1185375d25c31a450df367_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45265b9acb1185375d25c31a450df367_JaffaCakes118
Size

11KB
MD5

45265b9acb1185375d25c31a450df367
SHA1

f5a03f00b8deca799e29a1c08cf440c0dbbe40a4
SHA256

67085c902c65567e81845fa9d162bff568bdcd59df67bfe1dd90dd6bf8ea0ba5
SHA512

197e63eca5da16972d1acac90224e869deb5e79f6d2a3ea5b4fb516d0acd0af3b7ebd5534c3a7f458809e15dba6b53706fcf7dd807ffc6ee1f666665d1f91997
SSDEEP

192:SqhFFEopYV9pO/YOH3Q8a9rskN54U9uw5:SqhFFEGYDpO/LUrskN54Ut5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45265b9acb1185375d25c31a450df367_JaffaCakes118

Files

45265b9acb1185375d25c31a450df367_JaffaCakes118
.exe windows:4 windows x64 arch:x64

639fd801083073ce729fa3e3f7bbe58f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imagehlp

CheckSumMappedFile

shlwapi

PathFileExistsA

kernel32

HeapAlloc
GetProcessHeap
lstrlenA
GetCommandLineA
ExitProcess
UnmapViewOfFile
IsBadReadPtr
CloseHandle
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
DeleteFileA
CopyFileA
MoveFileExA
GetTempFileNameA
GetModuleFileNameA
GetLastError
WaitForSingleObject
lstrcpyA
WriteFile
ReadFile
SetFilePointer
lstrcatA
GetWindowsDirectoryA
GetVersion
HeapFree
ReadConsoleA
GetStdHandle
WriteConsoleA
CreateProcessA

user32

wsprintfA
wvsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ