bdeafcb8866e05d0c46031b53a8af80e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdeafcb8866e05d0c46031b53a8af80e_JaffaCakes118
Size

4KB
MD5

bdeafcb8866e05d0c46031b53a8af80e
SHA1

2783f0bc310c66b2d2b339945d1365ba0b5c54a8
SHA256

bb25a9d5e69892df03ba2e32315e60358e7b9ffed6c7d71fe8720df203be8c99
SHA512

c10532407002c1b33e9a2696b0bfb0cc5f1f85d5a058bbec37f31d5c21953ea92e085eaf77fb21855e32d8554456ddd0bcd902a7f125f5989ab7c2aba5f2c173
SSDEEP

96:Up5Clz5qr5S5+5JwF5ne5m5O50fve80+xrBg:liuqJcKS60HeR+xrB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdeafcb8866e05d0c46031b53a8af80e_JaffaCakes118

Files

bdeafcb8866e05d0c46031b53a8af80e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4159a86083502cf1c324e288867647b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetTempFileNameA
GetTempPathA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
GetModuleFileNameA
Sleep
TerminateProcess
WinExec
WriteFile
lstrcmpiA
lstrlenA
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateFileA
SetFilePointer
CloseHandle

advapi32

RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ