68eae5ca724810c2396e3aa67e0317b5_JaffaCakes118 | Triage

Sharing

General

Target

68eae5ca724810c2396e3aa67e0317b5_JaffaCakes118
Size

32KB
MD5

68eae5ca724810c2396e3aa67e0317b5
SHA1

aa02eee05d79d1acd25fb6b4068f73363bc1adee
SHA256

9fb77a2b3b3a830974eb8c82460a681a4f4093a25c09114a688afe78c7a05db7
SHA512

5cd84b75fe44b332a7deb1ac89f6d70f62ee80c5b19a579a27c2f436a73e9545af43cd76ca272e11623b7e3dea0ebe0f4ce2fcac252c775ca170c60c13681936
SSDEEP

768:uXCTSy3MxTfGye2dVBt4yd2Jb8Isx1MA4aV7a:uX7/TfGye2gbh8lxBa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68eae5ca724810c2396e3aa67e0317b5_JaffaCakes118

Files

68eae5ca724810c2396e3aa67e0317b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

388ca28e155f18cfe6cafe69f68fcce8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetModuleHandleA
CreateProcessA
GetWindowsDirectoryA
DuplicateHandle
GetCurrentProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
WriteFile
VirtualFreeEx
GetFileSize
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetFileAttributesA
ExitProcess
GetCommandLineA
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
Sleep
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetSystemDirectoryA
GetProcAddress

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

msvcrt

strlen
atoi
strchr
__CxxFrameHandler
_EH_prolog
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
strcat
_strnicmp
memcpy
free
malloc
strcmp
strncpy

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE