ad17396d60f8cf5ad9124c4953734e9f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad17396d60f8cf5ad9124c4953734e9f_JaffaCakes118
Size

160KB
MD5

ad17396d60f8cf5ad9124c4953734e9f
SHA1

25cf952750a436651621066ce6c1a3c3170516fa
SHA256

90e16afd2189e0676a30068c41aac702021e8ad2a8c62ed9c3e61e0611b79ab2
SHA512

1116cfa6ba0b4ecbe8137dd1e28a49e967870a8d2b965ab96645e985dafbc45bd0fded93129c15a50251dc6005ae1a72ebf427089320eba8d12a18735e517e95
SSDEEP

3072:GwOQpDoetDTIdOVmZWXyaiedMbrN6pnoXvBsZm:GGZ7C+SNaPM4loB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad17396d60f8cf5ad9124c4953734e9f_JaffaCakes118

Files

ad17396d60f8cf5ad9124c4953734e9f_JaffaCakes118
.exe .pdf windows:4 windows x86 arch:x86 polyglot

0fd75817e88bc985535ca2b23c86ca86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetTempPathA
CreateFileA
GetModuleFileNameA
GetModuleHandleA
ReadFile
OpenProcess
GetLastError
GetCurrentProcess
GetCurrentThread
lstrcatA
WriteFile
CloseHandle
TerminateProcess
WinExec

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken

shell32

ShellExecuteA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE