cf4d504b4c6067c307095df37d896c17_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf4d504b4c6067c307095df37d896c17_JaffaCakes118
Size

26KB
MD5

cf4d504b4c6067c307095df37d896c17
SHA1

71ef91a306e19f01f0d8b136c41d2cc2de3c5a99
SHA256

0d0be45accfd8bf9d4ced3fb5641e5ea9870414bb655c9e3a63cee79ee7393ea
SHA512

01203b31ea025b43857a25b72af18f4833c976e4ba56752e077c5ef2bacd497b82cdb5339a9f1180079ccb572599ed7203afce3330240e6de47dc0936172939b
SSDEEP

384:BrLDLGXrKzpllHiFEh801dvGp/SnjYCfn+oI/FDfXgr2C:9Lp1PiF3p4jrnYfQN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf4d504b4c6067c307095df37d896c17_JaffaCakes118

Files

cf4d504b4c6067c307095df37d896c17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0d52c0ec1baa54527aa9e0cbb8ec6ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetFileTime
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleA
GetProcessHeap
ResumeThread
GetPriorityClass
OpenProcess
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
GetProcAddress
FreeLibrary
GetVersionExA
GlobalMemoryStatus
CloseHandle

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

user32

CharLowerA

Sections

Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE