a611094dec2d4e72f147e3b4354128b5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a611094dec2d4e72f147e3b4354128b5_JaffaCakes118
Size

3KB
MD5

a611094dec2d4e72f147e3b4354128b5
SHA1

3f9e270558163ee011cdd286e38ae3ff310c3138
SHA256

85172420f7afb345e07e0d39dc076e43d27bd7be95d2d9a4c4757a1321d7ea85
SHA512

81743886cc71fbf0b79ebd4e6ee03ed03b2399f265aa555b484c0238c4a6b35a921a2ccac87059d415ba1e6c0d51ae055948729ad870cf29e09d0680019176e3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a611094dec2d4e72f147e3b4354128b5_JaffaCakes118

Files

a611094dec2d4e72f147e3b4354128b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55d7c2d261d29a9b903ca5248df91242

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

kernel32

CloseHandle
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcess
GetModuleHandleA
GetProcAddress
OpenProcess
Process32First
Process32Next
TerminateProcess
VirtualAlloc
VirtualFree
lstrcmpiA
lstrlenW

user32

CharUpperW

Sections

.text
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 437B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE