c7ffffea7d0f6adcf67d4b94d24a5955_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7ffffea7d0f6adcf67d4b94d24a5955_JaffaCakes118
Size

11KB
MD5

c7ffffea7d0f6adcf67d4b94d24a5955
SHA1

b392b963fc759e3e469194fd11bdfa32402354ce
SHA256

0591c99cd5e69b8bee5a5bd702f007a80566e8a594868e70e81dc375c020e6de
SHA512

cb940df73699ebc0601f9e0f50225fd764ce85d0de82e48a3f47ff57dca2680a1ed5e4c240b39bf73a9bbcf1a07dc358a9c0932651843b8cbe4d9fe808d32966
SSDEEP

192:+i+udmIKVdscFhDGP7hNfawiYL+oSfDtHy/+OMxRJDodW/8AoWEI:+i+HVdX16GNy/+hxRJDodW/8AoWH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7ffffea7d0f6adcf67d4b94d24a5955_JaffaCakes118

Files

c7ffffea7d0f6adcf67d4b94d24a5955_JaffaCakes118
.exe windows:4 windows x86 arch:x86

409efdced5df1433c225504c99853482

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
WinExec
GetTempFileNameA
GetTempPathA
Sleep
CreateFileA
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
ExitProcess
WritePrivateProfileStringA
GetModuleFileNameA
GetWindowsDirectoryA
FreeLibrary
GetLastError
DuplicateHandle
GetCurrentProcess
GetSystemDirectoryA
CloseHandle
GetStringTypeA
MultiByteToWideChar
RtlUnwind
GetStringTypeW

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_itoa
_stricmp

shlwapi

PathAppendA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ