Static task
static1
Behavioral task
behavioral1
Sample
8edc77e766cf34f5a042e257a6573e9a_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
8edc77e766cf34f5a042e257a6573e9a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
8edc77e766cf34f5a042e257a6573e9a_JaffaCakes118
Size
24KB
MD5
8edc77e766cf34f5a042e257a6573e9a
SHA1
65b20c4a42168d3ab9b6f4dd7307fd4a18b2bef6
SHA256
cb911a9dc662c4e6de98309f781b2c6609a385e84ee6e7af2a4ad77fb6a9e4db
SHA512
d40af1ae1f7f7dac350035f41b1bfb841ed060df1672eb165e625d0f14ff4de04429ac1148ada259bf3f1eeb4036154b8c22d93cc23fdc220cc6e1814d327204
SSDEEP
384:SSefRANykrYnPcUfhoekCzDaTlCoBEF2:AfRANytnPcKkCzDGNBE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8edc77e766cf34f5a042e257a6573e9a_JaffaCakes118
Files
8edc77e766cf34f5a042e257a6573e9a_JaffaCakes118.exe windows:4 windows x86 arch:x86
c7c5022bf7ad7c4e951e293e657cf7ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetModuleHandleA
GetCurrentProcess
VirtualProtect
GetModuleFileNameW
DeleteCriticalSection
CreateFileW
GetCurrentThreadId
ExitProcess
GetModuleFileNameA
GetCurrentProcessId
CreateThread
GetLastError
GetProcAddress
GetModuleHandleW
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
CloseHandle
CreateEventW
advapi32
AreAllAccessesGranted
shlwapi
StrStrIA
StrChrA
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 798B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 31B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ