c907cf9d64b9ab55fed1fa4711629b05_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c907cf9d64b9ab55fed1fa4711629b05_JaffaCakes118
Size

24KB
MD5

c907cf9d64b9ab55fed1fa4711629b05
SHA1

bde3983fd38acb84853d4b1946c8e6664d338807
SHA256

a9b9ccd0f90c17873130f2c1d35f2855ea3409de53275574898e57391499e738
SHA512

81df41b1960a0f1c3354529c4e8037c0a4c8c514efa7abb4a2055cf57069377620799d353690e941b53271d78d922e89e1bd83a6e49b5e6207b37b3aadb38cbb
SSDEEP

192:h4HAbvwlbJkIw2lxrSlouHZFu52Y5TapuNKgZjKGY2RlzmsEtCifCy10:JvybY2lxWloXn5AucQjp9XEtCiqy+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c907cf9d64b9ab55fed1fa4711629b05_JaffaCakes118

Files

c907cf9d64b9ab55fed1fa4711629b05_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f85ba325ad10284737a97e6d135a4f69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

AddAtomA
CloseHandle
CreateToolhelp32Snapshot
ExitProcess
FindAtomA
FindFirstFileA
FindNextFileA
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeThread
GetModuleHandleA
GetProcAddress
GetStartupInfoA
Module32Next
OpenThread
Process32Next
SetUnhandledExceptionFilter
TerminateThread
Thread32Next
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
signal

user32

MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE