Static task: static1
Behavioral task: behavioral1
Sample: 6f148757bb4cd7f94f880b6d763c579a_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 6f148757bb4cd7f94f880b6d763c579a_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6f148757bb4cd7f94f880b6d763c579a_JaffaCakes118
Size: 15KB
MD5: 6f148757bb4cd7f94f880b6d763c579a
SHA1: 7c69cc56bf6295347daa95c8951f45a3649d5745
SHA256: 6d9d214c10174b7723a9d12f44f1a8db3ec9c3f6284cec71cbd3a23f344b4079
SHA512: 2334855c1b32100a316bc105701d831cda06278e6f75f0801c92f3f3bd6610d972b1f9d456254b1765b8c1eb020ec1e8b8920cd3a830ed51ad5b8e1d8de0d0b6
SSDEEP: 192:kR5gR9mzwh99xZik89x0rj5KFDuWvE1Jy6YenN59EEL6MQf6z19Zx:+5gRp3PAk89x03+BvcJy/UuMQf6HX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f148757bb4cd7f94f880b6d763c579a_JaffaCakes118
Files
6f148757bb4cd7f94f880b6d763c579a_JaffaCakes118.exe windows:4 windows x86 arch:x86
c3c2e45d292a383cfdcb6f87852de361
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
lstrcmpiA
Process32Next
OpenProcess
TerminateProcess
Process32First
CreateToolhelp32Snapshot
SizeofResource
CopyFileA
Sleep
lstrcatA
lstrcpyA
WinExec
GetModuleFileNameA
ExitProcess
LoadResource
CreateFileA
LockResource
WriteFile
CloseHandle
DeleteFileA
GetWindowsDirectoryA
GetCurrentProcess
user32
wsprintfA
advapi32
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ