8c9cd6e17ba89f0d13ab871d3fefe978_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c9cd6e17ba89f0d13ab871d3fefe978_JaffaCakes118
Size

3KB
MD5

8c9cd6e17ba89f0d13ab871d3fefe978
SHA1

5c971ed7cbd2194c48882db0c04a7287c3c67d3a
SHA256

6e5975c7d6969be96c8ae729d186c8efa6cb80a794fa3741e3e8b8b2f8b8548c
SHA512

6b1ae729caf51e5db9fb74cab465eda2879dee872b916e0f74c1f14425d639137ac5ea5b69634ec9fde6e3d826eb9f00fd3694ced901528162166553d4bd5e1d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c9cd6e17ba89f0d13ab871d3fefe978_JaffaCakes118

Files

8c9cd6e17ba89f0d13ab871d3fefe978_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b131604620b2ce1a5390878956121ed7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
wsprintfA

kernel32

CreateToolhelp32Snapshot
ExitProcess
GetCommandLineA
GetLastError
GetProcAddress
LoadLibraryA
CreateRemoteThread
Process32First
Process32Next
Sleep
SuspendThread
Thread32First
CreateProcessA
VirtualAllocEx
WriteProcessMemory
lstrlenA
CloseHandle
OpenProcess
Thread32Next

wsock32

connect
WSAStartup
recv
send
socket

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA

shell32

StrStrIA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE