Static task: static1
Behavioral task: behavioral1
Sample: 8bbd6f8e406ae37754275028d8c53879_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 8bbd6f8e406ae37754275028d8c53879_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 8bbd6f8e406ae37754275028d8c53879_JaffaCakes118
Size: 4KB
MD5: 8bbd6f8e406ae37754275028d8c53879
SHA1: 042884fe47e3842ed71baed80421bd2d3e8a6b7d
SHA256: c9b5f7657dc2caf399b01e2ac2f700fabbf7579f87f38f5b67ed250857696580
SHA512: b947cedc3334be61ccb9f23dcfcedd1cae6544ceedad5ef150a72aa1c69d41300784d9f5c8b8d86b4f528fc984d4d186d1b30ded80dc241b699d2a555e4ec50b
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 8bbd6f8e406ae37754275028d8c53879_JaffaCakes118
Files
8bbd6f8e406ae37754275028d8c53879_JaffaCakes118.exe windows:4 windows x86 arch:x86
31bb28471c81a9432351f22ef54d7cc8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetCurrentProcess
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
ExitProcess
OpenProcess
Process32First
Process32Next
Sleep
VirtualAllocEx
WriteProcessMemory
lstrcmpiA
lstrcpyA
lstrlenA
CreateToolhelp32Snapshot
CreateRemoteThread
CreateProcessA
GetSystemDirectoryA
CloseHandle
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
OpenProcessToken
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 842B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE