d692b44d96e9a4975ffb950de18f9eb2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d692b44d96e9a4975ffb950de18f9eb2_JaffaCakes118
Size

32KB
MD5

d692b44d96e9a4975ffb950de18f9eb2
SHA1

01182616aa1a96b19d271f58fad050f0208db6d4
SHA256

b70f31651e0be7d9204835b95b1da384efd8227d90200d81763f39786315617a
SHA512

3645ade1efa9238a749a16dc866150cf078d0c27f6510123034072c9767029774e1b8abde54bd32f6b223f0df74b0fd51ace112467ddacb363dc85bb78649097
SSDEEP

768:q9/ORi1ld+bSawjRzAsjimi6tAgN3rh5qQSEeFLz4tQ:q9GRibdtFzAsumnfFMItQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d692b44d96e9a4975ffb950de18f9eb2_JaffaCakes118

Files

d692b44d96e9a4975ffb950de18f9eb2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b789507e7e2fcf77cfdc0e5c06180c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
lstrcpyA
CreateProcessA
GetWindowsDirectoryA
DuplicateHandle
GetCurrentProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
VirtualProtectEx
WriteFile
GetSystemDirectoryA
GetFileSize
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetFileAttributesA
ExitProcess
GetStartupInfoA
GetCommandLineA
SetFileTime
GetFileTime
WriteProcessMemory
Sleep
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetSystemTime
SetSystemTime
GetComputerNameA
GetModuleHandleA

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

msvcrt

strlen
atoi
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_EH_prolog
memset
strcat
_strnicmp
memcpy
free
malloc
strcmp
strncpy

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE