4833c215612f2f939613614cf8950c90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4833c215612f2f939613614cf8950c90_JaffaCakes118
Size

48KB
MD5

4833c215612f2f939613614cf8950c90
SHA1

22c5660a32277e492f6e2bcf5357604a555c1da1
SHA256

91e069159679af677f5152e19100e19f99989cc095cc4396965d4a26d8d54819
SHA512

714ac7ec709415f0b50135b209cf280052c74a8c9f45e120b056211a461a9e289e1d1d2b0183761c5f6fdd4ff1ab3ccd192b41375971cf47115c4191864620f4
SSDEEP

768:dKikHAr5evw0VkbFD6rXUNe7DJsQxG9YNLvHCgmomFb6uMXlI+M8qzBBqJWAjbtX:Aiky5eNdZs6Qf14BA0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4833c215612f2f939613614cf8950c90_JaffaCakes118

Files

4833c215612f2f939613614cf8950c90_JaffaCakes118
.exe windows:4 windows x86 arch:x86

516caf4cf5563d44766b4d9cd08ff464

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
FindClose
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
CloseHandle
CreateProcessA
lstrcpyA
WriteFile
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
GetCurrentProcess
SetFilePointer
CreateFileA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
Process32Next
Process32First
CreateToolhelp32Snapshot
CompareStringA
lstrlenA
lstrcatA
GetSystemDirectoryA
ReadFile
GetFileAttributesA

user32

wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ