d38a0edc384e81786ae80293d0e16b87_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d38a0edc384e81786ae80293d0e16b87_JaffaCakes118
Size

22KB
MD5

d38a0edc384e81786ae80293d0e16b87
SHA1

54120bb2474d3249a57b00474dab73e452ffa6b8
SHA256

1392aa9df2d5ae0c84b157a0044baedd70ad08b7b783e8920d9614be35592e83
SHA512

5b86aa1aba8f6cd862fd4f4e1d611d49e1f5df6c6019200a169d8c4592b5d20acf18ccc8434e227e04221b6bedf9ef43d9be9372323f0b925a86a37796c340a5
SSDEEP

384:BRCT9Z7b4sGEvHD2N1/E+M8hQgRiE3A6nKtTELEEDcF+pwfYOhDX9zoHWe7f:B69Z4Avg1snYliE3A6JE1VPhDRRe7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d38a0edc384e81786ae80293d0e16b87_JaffaCakes118

Files

d38a0edc384e81786ae80293d0e16b87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff3357c629adaa00f6f0d86be23f113e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetFileTime
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleA
GetProcessHeap
ResumeThread
GetPriorityClass
OpenProcess
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
GetProcAddress
FreeLibrary
GetVersionExA
GlobalMemoryStatus
CloseHandle

user32

CharLowerA

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

}@
Size: 464B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE