af7d0902f9e094896a5c092a9820c762_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af7d0902f9e094896a5c092a9820c762_JaffaCakes118
Size

24KB
MD5

af7d0902f9e094896a5c092a9820c762
SHA1

0741cae9997e00476c7424d6f4187161e61d7f99
SHA256

a3e969f32260de88fb8aa1ed423b2a2601f592ccd57eaea690995fff2ee43a2b
SHA512

7194691d639dd5edf9f028d27c4500e23142ed7f930acb798292a7e6fffaec4a8b20b74d7f0abc241cc4ef974ef5533e4d2a31a01183acce5117f29cacc9e058
SSDEEP

768:FHhqEHUwJA9SAaQFxfftjaLacmkLGKddm:xAYA9SA7FxffJaLaSLGydm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af7d0902f9e094896a5c092a9820c762_JaffaCakes118

Files

af7d0902f9e094896a5c092a9820c762_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b666374ec2fe1c7d71ee1ecb7497b87e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
WinExec
GetTempFileNameA
Sleep
GetTempPathA
GetProcAddress
CreateFileA
GetPrivateProfileStringA
ExitProcess
DeleteFileA
GetSystemTime
WritePrivateProfileStringA
QueryPerformanceCounter
GetModuleFileNameA
GetWindowsDirectoryA
QueryPerformanceFrequency
DuplicateHandle
GetCurrentProcess
LoadLibraryA
CloseHandle

user32

PostQuitMessage

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

msvcrt

_except_handler3
_stricmp
strrchr
atoi
sprintf
_itoa

shlwapi

PathAppendA

Sections

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ