4bdd94ca136b22c784c89ac56f5742a1_JaffaCakes118 | Triage

Sharing

General

Target

4bdd94ca136b22c784c89ac56f5742a1_JaffaCakes118
Size

8KB
MD5

4bdd94ca136b22c784c89ac56f5742a1
SHA1

e89c5f50ca303a8f522d2260ed4e7f1d95b32fae
SHA256

8a17065ac0662f822cb3c967b798b40b9fa4bcc1c1dd6176c9440e1413c13d38
SHA512

009ea363dc4eb23969556b065bf80f23ca1432fb1554a5e2a2449b084e22714b392208e73b5ff473b6eb8eea364adb537b900c9001b29ee1fdfbb92f40b72bd4
SSDEEP

96:gEMLbTAZAwyOthMszljp5etpPbqaOkT/6uRPTWHa2SDerv49rCWkL+AqK:v8TNwyHqj0qeRdkSDewUU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bdd94ca136b22c784c89ac56f5742a1_JaffaCakes118

Files

4bdd94ca136b22c784c89ac56f5742a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3d1b5f560c93f2eebabc6039c82eba5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
SizeofResource
WriteFile
RtlZeroMemory
lstrcmpiA
lstrcpyA
lstrlenA
Process32Next
Process32First
OutputDebugStringA
OpenProcess
LockResource
LoadResource
GetSystemDirectoryA
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetCurrentProcess
FormatMessageA
FlushFileBuffers
FindResourceA
ExitProcess
DuplicateHandle
CreateToolhelp32Snapshot
CreateProcessA
CreateFileA
lstrcatA
CloseHandle

user32

MessageBoxA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ