8c4df3bbab0b276cbec529b35dd23d7d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c4df3bbab0b276cbec529b35dd23d7d_JaffaCakes118
Size

6KB
MD5

8c4df3bbab0b276cbec529b35dd23d7d
SHA1

69cc7d4e6d06d52cc1e67a262f351beb696ecd46
SHA256

15c7b4bf08a70028adccae36aca9cf66297423333c1aa11ef60729b10f919e84
SHA512

ccc5406dc1a8a80ef669417a45fde8a5f8d3e1ffcfe7fc604a1a8aaaf71e78c6239bcff4332bc2a734086460d8d61edd501fb07b9f062d6f2db1b89c8792464c
SSDEEP

96:rcqtCWrd8ObWkIjtcfSFyjS3k4clCIDc5dKl0uQnmiKH0lb7sd7:gqtCWhgxcBKd31yib7sd7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c4df3bbab0b276cbec529b35dd23d7d_JaffaCakes118

Files

8c4df3bbab0b276cbec529b35dd23d7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

580a565a6f03e182cd4e0155d7511148

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
RemoveDirectoryA
MoveFileA
DeleteFileA
GetModuleFileNameA
Sleep
CloseHandle
CreateThread
GetProcAddress
GetModuleHandleA
ContinueDebugEvent
WaitForDebugEvent
OpenProcess
DebugActiveProcess
WaitForSingleObject
CreateProcessA
ReadProcessMemory
ResumeThread
WriteProcessMemory
CreateDirectoryA
GetCurrentProcessId
GetTempFileNameA

user32

DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA

Sections

.init
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE