69c363c28df50fd6c27cb0da512ed705_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69c363c28df50fd6c27cb0da512ed705_JaffaCakes118
Size

56KB
MD5

69c363c28df50fd6c27cb0da512ed705
SHA1

2c63a9d082245ec04c5df7178cb29ad29e31f3db
SHA256

4a451ae6a89521537e1bb98b931b8d2cf41389bdcb23fd5c693034ea83efdc27
SHA512

7d881f48e414cca78cb873f6b225e729e70b2b7303c52985b8fa7812fcfa8c83aefcaf7909f1a3914717e96f9765d4dce3cfaa6d7109a6b201b2cbf5717ea75a
SSDEEP

1536:ZVRdF0V54BoYaHvnPFK75ZZ7eRz2oEReWlQrwCjIy+g0VFB6efEJNnesJFJ5gaj8:vRwV54BoYOvgDZ7eRz2oEReWlQrwCjIh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69c363c28df50fd6c27cb0da512ed705_JaffaCakes118

Files

69c363c28df50fd6c27cb0da512ed705_JaffaCakes118
.exe windows:4 windows x86 arch:x86

08a92ff99713fc047a88ea1714a3ca53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetSystemDirectoryA
GetFileSize
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
GetProcAddress
GetModuleHandleW
VirtualAllocEx
OpenProcess
ReadFile
GetCurrentProcessId
CreateFileA
WriteFile
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
lstrcpyA
GetCurrentProcess
CompareStringA
lstrlenA
CreateProcessA
FindClose
SetFilePointer
GetFileAttributesA

user32

wsprintfA
GetDesktopWindow

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ