bb9ab121b40907357b09ea60795b4f12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb9ab121b40907357b09ea60795b4f12_JaffaCakes118
Size

5KB
MD5

bb9ab121b40907357b09ea60795b4f12
SHA1

b1369be96f57be99a60ff24a9a8b4ad79c0170c8
SHA256

2ddbcb21476b54f9793e40e7753de0970b74ab0e0c7f7567faa30276659f5210
SHA512

84181316952902398a8a57a0d40e31912282d719787ab552e46e6b94193227b7957dbdb29b562d40d7d74fd15e6484fabc72c4ed6c06cad721115c8396cafa51
SSDEEP

48:6Q5SIir1PCXyU2IZuwYMHzzB11JqtwJwQaQwh1LQ:Jz21PCXyMfdzzrLaHQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb9ab121b40907357b09ea60795b4f12_JaffaCakes118

Files

bb9ab121b40907357b09ea60795b4f12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de4d8386da666cec5af32eb485ad9542

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowA

shlwapi

StrCmpNA

kernel32

Process32First
lstrlenA
lstrcpyA
lstrcmpA
CloseHandle
CreateFileA
CreateRemoteThread
CreateToolhelp32Snapshot
ExitProcess
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
GetStdHandle
OpenProcess
Process32Next
ReadFile
RtlZeroMemory
Sleep
VirtualAllocEx
WaitForSingleObject
WriteConsoleA
WriteFile
WriteProcessMemory
lstrcatA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE