783c1c3960b609aa07aa773c027a0f96_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

783c1c3960b609aa07aa773c027a0f96_JaffaCakes118
Size

59KB
MD5

783c1c3960b609aa07aa773c027a0f96
SHA1

0320f48cc552804a73f9ac1b71b25405d25706bb
SHA256

8316eaedf20ff554c7cb9c56de10a10edea919f7c7a9365c600b0f577f9f6b58
SHA512

f1dc792309885d8c1f2632fafbf5104b65a1035f5cd1016bf396a6d3b72f171b40647f772e649754eafaeb2a3cde3798e212771b49fa2360991a017d67810fd9
SSDEEP

1536:RrbMZeSnt+wHRq+FNLNnmVAvXe8a8rnGaACqoR:9MV8Yr0VAve+RAd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
783c1c3960b609aa07aa773c027a0f96_JaffaCakes118

Files

783c1c3960b609aa07aa773c027a0f96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

309f08ff082177aa51d7ff00190137f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_chkstk
strcat
_vsnprintf
isalpha
memset
strcpy
strstr
strlen
_stricmp
memcpy
RtlUnwind
NtQueryVirtualMemory

kernel32

GetVolumeInformationA
SetThreadAffinityMask
GetProcessAffinityMask
CreateFileA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetCurrentThread
GetProcessHeap
ExpandEnvironmentStringsA
GetWindowsDirectoryA
WriteFile
GetCommandLineA
OpenProcess
WideCharToMultiByte
Sleep
CreateEventA
CreateProcessA
TerminateProcess
GetSystemDirectoryA
GetLastError
SetLastError
GetProcAddress
GetLongPathNameA
LoadLibraryA
CreateFileMappingA
GetSystemInfo
GetModuleHandleA
CreateMutexA
GetVersionExA
CloseHandle
DeviceIoControl

advapi32

AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
OpenProcessToken

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE