7086f4645a135cdf364ef4017858fc09_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7086f4645a135cdf364ef4017858fc09_JaffaCakes118
Size

9KB
MD5

7086f4645a135cdf364ef4017858fc09
SHA1

256bdbda9cad92bb796309ebd1e45e179f9eb369
SHA256

26e5aad2a9f720d6b19f383cb10531b4e223fdb78ca195bf363de85597e793cc
SHA512

29169a07f57274c2b428017ab4ad82bebc80344794ac2b0e103c05c1166ea6663279fb25b6288244b728cf843be44957d3a82867f3f9e4bf8d72653e976a2aba
SSDEEP

192:PxsbCOQK7DOf6ry1FKjDarvLN0tlS43TLSJR1Ad0pSvXTzXx:PzRiCfrhrvLNwlZHSJR1A+pSvv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7086f4645a135cdf364ef4017858fc09_JaffaCakes118

Files

7086f4645a135cdf364ef4017858fc09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8e8d0ba8965977499a89537e842af74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcatA
lstrcpyA
SetThreadContext
GetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
CreateProcessA
ExitProcess
CreateFileA
GetTickCount
GetWindowsDirectoryA
WriteFile
GetVolumeInformationA
Sleep
ReadFile
OpenMutexA
ReleaseMutex
CloseHandle

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE