Static task
static1
Behavioral task
behavioral1
Sample
68c7d61ef788b9352a421c6ca314142e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
68c7d61ef788b9352a421c6ca314142e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 68c7d61ef788b9352a421c6ca314142e_JaffaCakes118
Size: 56KB
MD5: 68c7d61ef788b9352a421c6ca314142e
SHA1: 2ce6c32352e7fc35a62872c0f79f460fa4a8361b
SHA256: c9587c898527c7a3372ff1c90db9cdb6131336a9e986ba352cf8fe3bc7c7e5b9
SHA512: a2a67a59b3737b31f4b2f2b4e81cffe3ca475344349e1a2a0cd8370347b0ae42e8143778bfb42f672484240c97f120dbd13db7e9d35921e890c5adb4238eaba4
SSDEEP: 1536:jhW3bLKhuQ6rB7V4+eCeeG8qb7AtnSnpnsj:jAnKhuJrB7V4+eCeoq4tnIpnsj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 68c7d61ef788b9352a421c6ca314142e_JaffaCakes118
Files
-
68c7d61ef788b9352a421c6ca314142e_JaffaCakes118.exe windows:4 windows x86 arch:x86
f94c5b744014b13a95cd8c9d562a2077
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ntdll: strstr, RtlAdjustPrivilege, memset
kernel32: GetModuleFileNameA, DeleteFileA, ExitProcess, CreateFileA, SetFilePointer, ExpandEnvironmentStringsA, WriteFile, CreateProcessA, FlushFileBuffers, GetLastError, GetTempFileNameA, CloseHandle, GetModuleHandleA
shlwapi: PathFindFileNameA
winspool.drv: DeletePrintProcessorA, AddPrintProcessorA, GetPrintProcessorDirectoryA
Sections
.text Size: 1024B - Virtual size: 896B
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 790B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 52KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 258B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ