a46630d4ac4eb78feb8f1cf9f6b038de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a46630d4ac4eb78feb8f1cf9f6b038de_JaffaCakes118
Size

12KB
MD5

a46630d4ac4eb78feb8f1cf9f6b038de
SHA1

207560a659a57d9e2e320234ebeba9f22a0d25e0
SHA256

5a603e5c7abdafa4601b181a63931568b47eed48ace849e0866a52ee2d2fb6f0
SHA512

af50488b15a22918caaec611a749cb9a138c493a339b5f063f48ff21df3a6296d6751c82387da6cdca0bfad48bea82df61ceb68c4769d4a396964cdeb324bae4
SSDEEP

192:rLjEELtnF048yc+SqjOcx8DvwOORbrrOnh6NsLAQ6QkLCbrlN:vj/LtnN12mrxowRbr6tAQ6Qkq/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a46630d4ac4eb78feb8f1cf9f6b038de_JaffaCakes118

Files

a46630d4ac4eb78feb8f1cf9f6b038de_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3d89cbcc1997584008131f98b7328eb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetLastError
GetCurrentProcess
GetModuleHandleA
lstrcatA
FindClose
FindFirstFileA
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
lstrlenA
GetWindowsDirectoryA
ReleaseMutex
CreateMutexA
FindNextFileA
Sleep
DeleteFileA
lstrcpyA
CreateThread
GetCurrentProcessId
CloseHandle
LoadLibraryA
CreateRemoteThread
GetProcAddress

user32

FindWindowA
PostMessageA
wsprintfA

advapi32

AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA

msvcrt

sprintf
_stricmp
memset
strlen
strcat
strcpy
strrchr
_except_handler3
strstr

Exports

Exports

pfjaoidjglkajd

Sections

.bss
Size: - Virtual size: 856B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ