88435b36a602e525302b40b689e863dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88435b36a602e525302b40b689e863dc_JaffaCakes118
Size

32KB
MD5

88435b36a602e525302b40b689e863dc
SHA1

62029501e21b9199bece38f05823de3e1162571a
SHA256

549406cb779ea81015ddd3e704450c7d367b1c0fbb2982aa5068cd1b5065fd98
SHA512

1383fafbd2603ed327f9f32271028a258f3017375057e698a20d20b80cbbbb14c721b0278c61f5c2b910532c1cc5d21b71c53f19e427eed8b29e0f53bc8a6e0a
SSDEEP

768:EEcJYjnHag/8sSlLgVVdLQSx2985oIwOmQZXWSM1gk4571+:/aDWVVdFIJtQ1Mq71+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88435b36a602e525302b40b689e863dc_JaffaCakes118

Files

88435b36a602e525302b40b689e863dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

388ca28e155f18cfe6cafe69f68fcce8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetModuleHandleA
CreateProcessA
GetWindowsDirectoryA
DuplicateHandle
GetCurrentProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
WriteFile
VirtualFreeEx
GetFileSize
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetFileAttributesA
ExitProcess
GetCommandLineA
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
Sleep
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetSystemDirectoryA
GetProcAddress

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

msvcrt

strlen
atoi
strchr
__CxxFrameHandler
_EH_prolog
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
strcat
_strnicmp
memcpy
free
malloc
strcmp
strncpy

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE