Static task
static1
Behavioral task
behavioral1
Sample
c8bef681b4b70ae453cf227e46b920d7_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c8bef681b4b70ae453cf227e46b920d7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
c8bef681b4b70ae453cf227e46b920d7_JaffaCakes118
Size
360KB
MD5
c8bef681b4b70ae453cf227e46b920d7
SHA1
b29da13e4e920f06384267af1dccf0ae2516dd99
SHA256
265b6fbb893029ca6875db073f0e80a721e7f4224c81dda90242b0254947a1f8
SHA512
b143e463d1eadafdc6cc5093f99e1e3302f9b39df515281b2d7f5c8e38225f617d1e28f0b56259e74574e8b7a83f719b835bdcd057b5bbff3d39ee42c95588da
SSDEEP
6144:FZUhGYQ/uMhqBncix4XzHGlIqz4QLSAz5b+k7+wPxqTqzvEZg1X1fainh0MR93:FGhcFqBci8m6qz6q5b+k7+w5qLZGdaii
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource c8bef681b4b70ae453cf227e46b920d7_JaffaCakes118
Files
c8bef681b4b70ae453cf227e46b920d7_JaffaCakes118.exe windows:4 windows x86 arch:x86
0265c57b799170ebdabd7b8ae344bde8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
MessageBoxA
kernel32
CloseHandle
IsBadReadPtr
HeapFree
LocalSize
RtlMoveMemory
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
ResumeThread
WaitForSingleObject
GetEnvironmentVariableA
TerminateProcess
lstrcpyn
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
ntdll
ZwUnmapViewOfSection
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 750B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 332KB - Virtual size: 331KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE