491d2975be2a5e9bb94bcaf491eb4f35_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

491d2975be2a5e9bb94bcaf491eb4f35_JaffaCakes118
Size

6KB
MD5

491d2975be2a5e9bb94bcaf491eb4f35
SHA1

835a9e565ec0fdad512af0fd86f8119662e733b0
SHA256

16b0dce16e92f3fc2d5d3c8c9fc23ea743d2844fcb4f666e1f5ffa8c22604278
SHA512

6aa763742716fd38f83cbbd5580302dc7fa71528b1328697783a48e2faf18b2d7407078c24295f48fe9cb8d5b46aea83ed2fbe77ec0308bdb97f8ae0e74d50f3
SSDEEP

96:ro1M7M85fiT+/RMPWa8IvgE0AxhGuXqqFJ5R9JVvGvLd3qr7fe0lb7sd7:f54kEWaxvgEGIVJVOvR33ib7sd7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491d2975be2a5e9bb94bcaf491eb4f35_JaffaCakes118

Files

491d2975be2a5e9bb94bcaf491eb4f35_JaffaCakes118
.exe windows:4 windows x86 arch:x86

580a565a6f03e182cd4e0155d7511148

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
RemoveDirectoryA
MoveFileA
DeleteFileA
GetModuleFileNameA
Sleep
CloseHandle
CreateThread
GetProcAddress
GetModuleHandleA
ContinueDebugEvent
WaitForDebugEvent
OpenProcess
DebugActiveProcess
WaitForSingleObject
CreateProcessA
ReadProcessMemory
ResumeThread
WriteProcessMemory
CreateDirectoryA
GetCurrentProcessId
GetTempFileNameA

user32

DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA

Sections

.init
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE