6334b3fc5be03041fe0bdd75cea49684_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6334b3fc5be03041fe0bdd75cea49684_JaffaCakes118
Size

9KB
MD5

6334b3fc5be03041fe0bdd75cea49684
SHA1

9fd2af24de21552aef0d6e26c13c30191964ac01
SHA256

c20b696e7759d5c3dc460fe1d8eefaa06c764d5d077aefb8152d59696918a0f6
SHA512

bbb65a4145d420722a2343f7a54b80780067cf9a97628e6f504fb7433da98a4effe04cb0048dcaf95645d7ee9987ec5fd01ad490b029226e4e4c21adf410d2ca
SSDEEP

192:pZHeYgpSiABEORAGkF7cOQdjeHwXg5eB:2rpjKAJgeHwXgEB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6334b3fc5be03041fe0bdd75cea49684_JaffaCakes118

Files

6334b3fc5be03041fe0bdd75cea49684_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb3f8ae1b19bd4d886897a571fc0b692

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateRemoteThread
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetLastError
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
OpenProcess
SearchPathA
SetUnhandledExceptionFilter
Sleep
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memcpy
printf
signal

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE