61008dad9dc16ad08143e754b4c397ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61008dad9dc16ad08143e754b4c397ec_JaffaCakes118
Size

13KB
MD5

61008dad9dc16ad08143e754b4c397ec
SHA1

0e7ef3463056dd9ce9e2e8961bea6dbbb33ab88e
SHA256

d72587c60b4ecbcaa32d18beb0f4c6f07eac92c86ac306d2fe22c01be8558e4c
SHA512

4ffdd44bf44cb2110aaf6d350bfc1e5253228069f6275f5dcf79576240c93365bd5e91946f171743cb22de4cf5a25fff52ea7faa64550e2b37f23596dc0a6bfa
SSDEEP

192:+H69A3iBs6vXCEuiH3f3dS3iPU7PJoOzwEkCQwk+GOFOe6:+Hq2iqM3ftSSP0PJtE5CQEGOF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61008dad9dc16ad08143e754b4c397ec_JaffaCakes118

Files

61008dad9dc16ad08143e754b4c397ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ad56e74ef9e720511e6812372a2a29a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
lstrcatW
CloseHandle
CreateThread
ExitProcess
GetTempFileNameW
CreateMutexW
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetProcessHeap
CreateRemoteThread
lstrlenW
LoadLibraryW
CopyFileW
GetModuleFileNameW
CreateFileW
GetTempPathW
OpenMutexW
VirtualAllocEx
lstrcmpiW
WriteProcessMemory
Sleep
lstrcmpA
GetTickCount
WriteFile
MultiByteToWideChar
CreateProcessW
OpenProcess
lstrlenA
LocalAlloc
GetProcAddress
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ