94fbc71f6010dd12de9b3f30a897e0a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94fbc71f6010dd12de9b3f30a897e0a4_JaffaCakes118
Size

9KB
MD5

94fbc71f6010dd12de9b3f30a897e0a4
SHA1

ea6debdcece05266c546d9714f30d57dc11eadc5
SHA256

db58523fe4d5d5cd6f69cf961e743c65a9520566859fac5970b24393d68adc0b
SHA512

0f74fbdbc217fe813bc5d726ab880bb75bc14e0d6a97be6d8e4a3f7939fbe8350eb317960289938571ddba67068545ecc2e44a0ed208bb89d6172425e0a2f99c
SSDEEP

192:UyPrHSwJ1Sgnw3OmPO/R0J3QkXcdO8tkomMdJpqEAO+:r7BwHaG3QkXcdO8tkomMbpqp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fbc71f6010dd12de9b3f30a897e0a4_JaffaCakes118

Files

94fbc71f6010dd12de9b3f30a897e0a4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c50dfba6dde328c49d7748a21ec2afc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
rand
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
realloc
_strdup
_vsnprintf
strncmp
free
sprintf
strcat
strcmp
strncpy
strchr
_access
strcpy
strlen

kernel32

CreateFileA
GetTempPathA
GetVersionExA
WriteFile
GetTempFileNameA
CreateProcessA
WaitForSingleObject
CloseHandle
GetProcAddress
LoadLibraryA
lstrcmpA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptReleaseContext
RegEnumKeyA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyA
RegQueryValueExA

wininet

InternetSetCookieA

urlmon

ObtainUserAgentString

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE