ba30f60e24c6eec0e7dbdb1e827705c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba30f60e24c6eec0e7dbdb1e827705c3_JaffaCakes118
Size

56KB
MD5

ba30f60e24c6eec0e7dbdb1e827705c3
SHA1

87cd553a6e22bbdc2720abe2d4a7d32f02fbf1de
SHA256

b6add658375bc633c6d56af032912e265f35680169f48b420806d967089bfecd
SHA512

1ac095cabbd152c9079fdf06a4748182a9c8bf19c347c5bae68e202ac68bf9bc26d97c527b68928d213eaee1b2c26e2ac7ee688a707f0dc1c66776afbe5dc060
SSDEEP

384:3XHGQtf2HcjWLMNkyvoNRn0NFUrCb90C79UtS2E0ZaYfJVavAfgG7r:3WQZWAnoN50Yc2Y2haxvNG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba30f60e24c6eec0e7dbdb1e827705c3_JaffaCakes118

Files

ba30f60e24c6eec0e7dbdb1e827705c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca5443f93a2fab8c1a642d402740510c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
malloc
free
memmove
modf
toupper
atoi
_ftol
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
sprintf
strncmp
_strnicmp

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
TerminateProcess
CloseHandle
Process32Next
GetModuleFileNameA
CreateFileA
DuplicateHandle
GetCurrentProcess
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
WriteFile
OpenProcess
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
GetVersionExA
LCMapStringA
Sleep

shell32

ShellExecuteA

advapi32

RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA

user32

DispatchMessageA
MessageBoxA
GetMessageA
PeekMessageA
TranslateMessage
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE