Static task: static1
Behavioral task: behavioral1
Sample: a3a240f7f56f9c9fc8d9c6a034e6ef8d_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a3a240f7f56f9c9fc8d9c6a034e6ef8d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a3a240f7f56f9c9fc8d9c6a034e6ef8d_JaffaCakes118
Size: 13KB
MD5: a3a240f7f56f9c9fc8d9c6a034e6ef8d
SHA1: a7cb911f48e8bcff8126f62a2e0e5802f290bb42
SHA256: 47ec6142e8a21d737e7a39c0ccb4901f113d74895b0ae1f753e5b40d8704539d
SHA512: 99864defe43f18ecccb97ecb27ed7750dc8a036da8397cf47913652d2d10ae4b22d4621ecea600cd5be18749b6a01c2128b6918a5a283c6f0a1e9a1ec48d259a
SSDEEP: 192:IHeYonSJ1oLzyLj70/QTSPYGp8oxJpHMtKNA4bgTe0Geni:I+YonS4U7bSPYXAJpHMtQA4bgTe0Gg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a3a240f7f56f9c9fc8d9c6a034e6ef8d_JaffaCakes118
Files
a3a240f7f56f9c9fc8d9c6a034e6ef8d_JaffaCakes118.exe windows:4 windows x86 arch:x86
1d0d38d659cf11fe7871344a6da4ac3c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetWindowThreadProcessId
FindWindowA
kernel32
HeapFree
lstrcpyA
CloseHandle
CreateFileA
CreateRemoteThread
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetTempPathA
HeapAlloc
lstrcatA
LoadResource
LockResource
OpenProcess
RtlZeroMemory
SizeofResource
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrlenA
shell32
ShellExecuteA
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 854B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ