Static task
static1
Behavioral task
behavioral1
Sample
cea816cd308f78bfa4bd124756a1752f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cea816cd308f78bfa4bd124756a1752f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: cea816cd308f78bfa4bd124756a1752f_JaffaCakes118
Size: 17KB
MD5: cea816cd308f78bfa4bd124756a1752f
SHA1: a771fe0725584bfb9457fe9c269a68b64ea25b33
SHA256: 4661ac2603022140e7e811bc413912df28c15a9b7afb67d3277e7ea380d5c134
SHA512: 616d86cdf6ce5428576d0cbe0a0d60fecbda7bcff26d26cd80f397bb86ae40c41578921633dd72b4bde87b50d2765cfcdedc2ed53837e47450275e3f9197d9d0
SSDEEP: 192:RjRRE0wVrmVZGs1lhPFos7KxbUUKdEbmFPUxcHLD6ImqLNDu8qlL95m:HGfIZGs1TjkUUwFPUxNcu8WL95m
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cea816cd308f78bfa4bd124756a1752f_JaffaCakes118
Files
cea816cd308f78bfa4bd124756a1752f_JaffaCakes118.exe windows:4 windows x86 arch:x86
0d253bc4ee3d04c45c76924815d38dce
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetModuleFileNameA
Sleep
WriteFile
DeleteFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetSystemDirectoryA
WaitForSingleObject
ExitProcess
CreateThread
TerminateProcess
OpenProcess
CreateEventA
OpenEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
GetCurrentProcess
SetThreadPriority
CloseHandle
user32
SendMessageA
GetWindow
EnumThreadWindows
GetWindowTextA
GetClassNameA
PostMessageA
wsprintfA
FindWindowA
advapi32
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ