bb3138869dda56888a040a642a99f65b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb3138869dda56888a040a642a99f65b_JaffaCakes118
Size

20KB
MD5

bb3138869dda56888a040a642a99f65b
SHA1

145bf7ec2aa05e00f1945b0a5b20d7f28c63efed
SHA256

91052ed6016542c4bc8a75cbaba1b73b14d4ecdcf0297f96a7b666e1c3dc288c
SHA512

e1d256ca9d85f0d955334e1a92081871b47a4b14034ee796e32bb81001d2e18bd9de73912850b21592e3d7eaa08925742ab302d81401d15d2f3ecbdf5b655440
SSDEEP

192:L9ZT0Xj9pFJmmhTBZtodN1t+3G19p5B8TCFsOdyarQXtyIaBbNb:rKjuQTUoyfhJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb3138869dda56888a040a642a99f65b_JaffaCakes118

Files

bb3138869dda56888a040a642a99f65b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

780aff5ba8cec24ce067340e079374a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetSystemDirectoryA
Sleep
GetProcAddress
LoadLibraryA
CloseHandle
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
OpenProcess
WinExec
GetWindowsDirectoryA

user32

FindWindowA
GetWindowThreadProcessId

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE