d1e61d97349a5902c42ad8b197073c35_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1e61d97349a5902c42ad8b197073c35_JaffaCakes118
Size

27KB
MD5

d1e61d97349a5902c42ad8b197073c35
SHA1

5e6a71f142c3cbe9f3c875187595c346c45f4cfd
SHA256

d9a155a2aea26263392b03f8268d65af130563f256b8c90eb3bdbfc4a37c6612
SHA512

78f46506f5f92d899392466dd1e5a2ddef55768bbb66ab54ab968df96b3d02472409eec2f604fd3c02242b737190225f206baf948026f4fe4d28ab01e6119205
SSDEEP

768:ZgCHFSLESoMlTuVHWNy9feIaswq0p8bIs:5HFaBlTuf9wTqO8N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1e61d97349a5902c42ad8b197073c35_JaffaCakes118

Files

d1e61d97349a5902c42ad8b197073c35_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0318be5de917d71a823fb3691b05cd2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
Thread32Next
Thread32First
OpenProcess
VirtualAlloc
VirtualFree
ExitProcess
GetCurrentThreadId
CreateRemoteThread
LoadLibraryA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CreateThread
GetLocalTime
GetModuleHandleA
WriteFile
CopyFileA
DeleteFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
TerminateProcess
CreateEventA
OpenEventA
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
Sleep
GetCurrentProcess
GetProcAddress
CloseHandle
GetStringTypeW

user32

GetMessageA
TranslateMessage
DispatchMessageA
GetInputState
PostThreadMessageA
EnumThreadWindows
GetClassNameA
FindWindowA
PostMessageA
GetWindow
GetWindowTextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RwDat
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE