b668666aeff4efff4a62a9337982ad52_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b668666aeff4efff4a62a9337982ad52_JaffaCakes118
Size

6KB
MD5

b668666aeff4efff4a62a9337982ad52
SHA1

5a5a8fb1dc0eb87f39dd5b256dba6ff0ed123725
SHA256

d7606613a932efa6707b50340b5e89dda18e48b5c5dad9352e2caebb4718b447
SHA512

116a77f6f03738fbe3192470be766f04e804ae46b71b567348d1362ae3b19c9afd1107833ca03ff0854b08d4e8423b2ac3ceaff447ba66cec4b2ce96e0142f9b
SSDEEP

96:f7LzcKq4O/1qrkefTlpbv+UR3Dx/NwMYzUJM/D:f7LzcK+/1+fT3v+UhDHwVzq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b668666aeff4efff4a62a9337982ad52_JaffaCakes118

Files

b668666aeff4efff4a62a9337982ad52_JaffaCakes118
.exe windows:5 windows x86 arch:x86

92dd7767259d6923101676751c8717f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLastError
GetProcessHeap
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
DeleteFileA
WriteFile
CreateFileA
GetModuleHandleA
GetTempFileNameA
GetTempPathA
GetTickCount
lstrcpyA
LocalAlloc
LocalFree
lstrcatA
lstrcpynA
ExitProcess
Sleep
VirtualAlloc
GetCurrentProcess
lstrlenA
VirtualAllocEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ