97682a0ef20dcc8a16ea3bc2b4fcd256_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97682a0ef20dcc8a16ea3bc2b4fcd256_JaffaCakes118
Size

11KB
MD5

97682a0ef20dcc8a16ea3bc2b4fcd256
SHA1

f86f0f09b1ac5b04b347535a2b4c43c0e77ca4e8
SHA256

c8887b031961bb455841444e0e0a801d1cc8ed6766479ab0bfaa45c56db6c92f
SHA512

cbf50206cc016e2b16be147924c2e8523d05bc69a3e5c79a6c8edb2ad23f45c34369eaaae9364d47b84d7c7ce7a54b4b73ed73030f48d39a28c8e8ed333c3fec
SSDEEP

192:CSPyHRcePLHd3OG7oy9ORmDOfMR1xmskkzl:hySePjstR0TmKp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97682a0ef20dcc8a16ea3bc2b4fcd256_JaffaCakes118

Files

97682a0ef20dcc8a16ea3bc2b4fcd256_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c07634d87ee61322f43d6c7cd0e4c764

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetFileInformationByHandle
CreateFileA
lstrcatA
GetSystemDirectoryA
GetProcAddress
ReadFile
LoadLibraryA
GetCurrentProcess
IsBadReadPtr
GetVersionExA
OpenProcess
HeapFree
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
CloseHandle
lstrcmpiA
LocalFree
Process32Next
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
RtlUnwind

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetSecurityInfo
GetUserNameA
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken

urlmon

URLDownloadToFileA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ