72d08e0253101cfae302c5e54ec55798_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72d08e0253101cfae302c5e54ec55798_JaffaCakes118
Size

22KB
MD5

72d08e0253101cfae302c5e54ec55798
SHA1

a8388a8a3f62221550669b4be075e3c4f96806bb
SHA256

256520f4fde3a6ce7f87414568fbf2abc8899f93ff3e080afcbce7045c67a790
SHA512

96cd28857099eb8a822b5cbfa2a393968291e8a64b363d3c4f49c478825704139b45910d541e133832688ea1404eb896845fae015477a0ca4fe73504f5f82aa3
SSDEEP

384:Oyjoz5nZGyWvAEvmDhH96NXFYqFcAFCiOavjUgumuLDrYdolHIRKKXFmnj:zjot8ywAUm1HgHYqFcAWabUdnDrYuloC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72d08e0253101cfae302c5e54ec55798_JaffaCakes118

Files

72d08e0253101cfae302c5e54ec55798_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3a008f4f08a505723cdb1f0aaf0d3a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
VirtualProtectEx
GetThreadContext
CreateProcessA
GetCommandLineA
SetThreadContext
ReadProcessMemory
ResumeThread

user32

GetDC

gdi32

SetTextColor
GetTextColor

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE