Static task: static1
Behavioral task: behavioral1
Sample: a865a4d800a0ede6d438fe14b5eced19_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a865a4d800a0ede6d438fe14b5eced19_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a865a4d800a0ede6d438fe14b5eced19_JaffaCakes118
Size: 33KB
MD5: a865a4d800a0ede6d438fe14b5eced19
SHA1: ca2be83b2bf65e97f9980ead10f7da5099b2ea47
SHA256: 89c0e4786a87914ce4154bd68ccf0de7f0902ab3344beb8136a5da3f1141793e
SHA512: 159a98e79ba1d5e89b44eb8862aae17cfece82b70ec02cd5294e18b23eea61fad951aa6ca5aed4620134d58d2d2adc2b6ac07298aa5c44970f037c001c57994b
SSDEEP: 768:sakeOwcqy3VszCKSwbS1IIoZuSsEFYdxkSXCh:sagxqqVsuKSw2SsThC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a865a4d800a0ede6d438fe14b5eced19_JaffaCakes118
Files
a865a4d800a0ede6d438fe14b5eced19_JaffaCakes118.exe windows:4 windows x86 arch:x86
8b5254c2da64d8a069d26b91eb1208e6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CopyFileA
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
LoadLibraryA
LoadResource
LockResource
OpenProcess
Process32First
Process32Next
RtlZeroMemory
SizeofResource
Sleep
WaitForSingleObject
WinExec
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrlenA
VirtualFree
VirtualAlloc
SetLastError
CreateRemoteThread
GetCurrentProcessId
ReadProcessMemory
ResumeThread
user32
wsprintfA
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ