d64a6398faa3ce161c9182de329dce50_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d64a6398faa3ce161c9182de329dce50_JaffaCakes118
Size

12KB
MD5

d64a6398faa3ce161c9182de329dce50
SHA1

2881379607a042bf50a4a90a8aa7fcdf0d131db4
SHA256

430b3d9800b10807e518132af0a67c496e529bf2ca0057639e9a7216eacb846f
SHA512

73175706e96dff5a5df69e731c9af79a6b912dbe90bcd912ce3728a1e5a44a1d1f924c293d4049a620e217858c44f0a719aa98c27c5093879b6b52166b93d04b
SSDEEP

192:PAdDZDWGIQsMG2S2Klv7Pht0HPVY68INxYFRdDpRUUykYqwSRoX/v:jbMhZKJCbJqwSRoPv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d64a6398faa3ce161c9182de329dce50_JaffaCakes118

Files

d64a6398faa3ce161c9182de329dce50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c24a3c6787bf24ecdb546420807b7e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
FreeLibrary
DeleteFileA
lstrcpyA
lstrcatA
GetCurrentProcess
CloseHandle
PulseEvent
SetEvent
GetProcAddress
ResetEvent
GetModuleHandleW
ExitProcess
ReadFile
GetModuleHandleA
WriteFile
OpenProcess
HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
GetFileAttributesA
GetTempPathA
TerminateProcess
CompareStringA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualAlloc
HeapReAlloc

user32

CharToOemA
wsprintfA
MessageBoxA
ExitWindowsEx
AnyPopup

advapi32

RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE