6001d26eed60f0732d506702d37b8a1f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6001d26eed60f0732d506702d37b8a1f_JaffaCakes118
Size

20KB
MD5

6001d26eed60f0732d506702d37b8a1f
SHA1

4c5113f4d8762a20df2736b544058347d8f63122
SHA256

d185e38caef194621c92ea7458200469c45bfeea7e5eaec66dcaf3c8cf086329
SHA512

017901528e5fbd3934133b15c6c179e3c3446359df3922db10a24b6b096c9cbd815d9ea06685c9291964aba3cdd6adfcd16f75e5b4a3c95610e49f45a959ae90
SSDEEP

384:H5ZfkuSyzH5BqbGQCTuHolC5FyrE+cJz3JHb8MCIY7EGVJ3ypnj4yLW:HvBqDCTWocqrHcJPCIY7rVJqnkyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6001d26eed60f0732d506702d37b8a1f_JaffaCakes118

Files

6001d26eed60f0732d506702d37b8a1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

696a5a906d1e40ab434f78135da20243

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
WriteFile
lstrlenA
CreateFileW
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcmpiW
GetModuleFileNameW
GetLastError
CreateMutexW
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
LoadLibraryA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
WideCharToMultiByte
CloseHandle
ReadFile
DeleteFileW
Sleep
FreeResource
SizeofResource
CreateFileA
LockResource
LoadResource
FindResourceW
DeleteFileA
GetSystemDirectoryW
CreateDirectoryW
GetWindowsDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetLocalTime
GetLocalTime
ExitProcess
LoadLibraryW
SetFileAttributesW
GetProcAddress

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

shell32

ShellExecuteW

msvcrt

swprintf
_memicmp
wcslen

shlwapi

PathFileExistsW

Sections

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ