4a6fa16d24efc9ac2ffac6e7d850a6eb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a6fa16d24efc9ac2ffac6e7d850a6eb_JaffaCakes118
Size

37KB
MD5

4a6fa16d24efc9ac2ffac6e7d850a6eb
SHA1

ae26652161b7a18bf5ba8f87ce548d399d4d0db7
SHA256

ef9ace00510448d4980b73f3afbc86c3e6d8b89a4ec96ea60c31efa6a833de05
SHA512

731de94cf260b5671764b95a2f734c6e46fb3e8f1985300f76535ac6bf80351baee2a02712affe670453a5642ca4e7d2a70998ba59d0750d5082c45e6f0774e5
SSDEEP

768:VWpSyNFIhok5I0A4Ce9NifIL4DRU4/fLI0Yr7Jz+5v39FYBB9GXDSM2EHIW:GSy3Ge0A4Ce9RXxnr7JzGvtUODSMpHIW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a6fa16d24efc9ac2ffac6e7d850a6eb_JaffaCakes118

Files

4a6fa16d24efc9ac2ffac6e7d850a6eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a71d90964cfaa2b6ed7a385eaf97dda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
WinExec
lstrlenA
lstrcatA
GetProcAddress
GetModuleHandleA
GetEnvironmentVariableA
IsBadReadPtr
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
Sleep
GetFullPathNameA
CopyFileA
lstrcpyA
DeleteFileW
ExpandEnvironmentStringsA
LoadLibraryA
lstrlenW
VirtualFreeEx
CreateDirectoryA
GetSystemDirectoryA
lstrcpyW
lstrcatW
MultiByteToWideChar
GetVersionExA
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
SetLastError
UnmapViewOfFile
GetFileSize
SetFilePointer
ReadFile
LocalAlloc
CloseHandle
LocalFree
VirtualFree
VirtualAlloc

user32

CharUpperA
MessageBoxA

advapi32

RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

imagehlp

CheckSumMappedFile

ntdll

NtSetSystemInformation
RtlInitUnicodeString
NtCreateFile
ZwLoadDriver
NtDeleteFile
RtlUnwind

psapi

EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE