8839f61a5dc93efb9959be462542d4a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8839f61a5dc93efb9959be462542d4a2_JaffaCakes118
Size

69KB
MD5

8839f61a5dc93efb9959be462542d4a2
SHA1

e173860f9634b013e92aaf84b63808e2b7f63710
SHA256

6b1cc97c5a026510c54aa05d0f5d2b97ad22e97f0d82a2b4ad9be3fead7ce6d8
SHA512

bccb749714dce0d3447d15d08cf4ca98447be4cb3006cad15d036f6e87f47f626056b671950947b75634fddc18bd527f6114ec54745b7056b2ee1ca2010ccf5c
SSDEEP

1536:oVG0ZMdLNA1Ciw40yhs8S2nItbRYsEKlwgAO4LR+wLx5vuNP:oVG0KdxA1Ciw4Fs8S0sEKlwgzELjiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8839f61a5dc93efb9959be462542d4a2_JaffaCakes118

Files

8839f61a5dc93efb9959be462542d4a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

93b5201d57470bdee489ff3f4140bac0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
SetThreadContext
ResumeThread
GetThreadContext

advapi32.dll�

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt.dll�

malloc
fclose
??3@YAXPAX@Z
fread
fseek
fopen
free

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cw
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CBtrl
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sha
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shaa
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ