b3ab22dc0bfb4cede8bbd13d6b8496f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3ab22dc0bfb4cede8bbd13d6b8496f1_JaffaCakes118
Size

48KB
MD5

b3ab22dc0bfb4cede8bbd13d6b8496f1
SHA1

f8df39f564a2c1687760b2d46ab9f969b216f5f3
SHA256

2cbf364000e60df0d6d5f385573c9adec12e859be103c06f947cea9ae8adb473
SHA512

838df7106ba84460e9bdf2d208aad93a25b6561c1c28f202b3af5eb6b7be349906417029a4cedd1b4d147ea3ffa4ddc03b9adccebb95ca38aa7048b5ac1fc2a4
SSDEEP

768:0NoxwGuL0SoMlrGtFodl4G3GYO61Z2m5cAgrVDHZHeqDUsCiTY7He5Q0/sgNN:tw7BlrGtFAl45YPz2k4xeqDGiTO0tNN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3ab22dc0bfb4cede8bbd13d6b8496f1_JaffaCakes118

Files

b3ab22dc0bfb4cede8bbd13d6b8496f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8b1d1e719212c4f5dbb4d5f32ff945de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
Thread32Next
Thread32First
OpenProcess
VirtualAlloc
VirtualFree
LoadLibraryA
ExitProcess
GetCurrentThreadId
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CreateThread
GetLocalTime
GetModuleHandleA
WriteFile
CopyFileA
DeleteFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
TerminateProcess
CreateEventA
OpenEventA
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
Sleep
GetCurrentProcess
GetProcAddress
CloseHandle
GetStringTypeW

user32

GetInputState
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EnumThreadWindows
GetClassNameA
GetWindow
FindWindowA
PostMessageA
GetWindowTextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RwDat
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE