e0b1dfb0455c17e76620ade5448e33c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0b1dfb0455c17e76620ade5448e33c3_JaffaCakes118
Size

9KB
MD5

e0b1dfb0455c17e76620ade5448e33c3
SHA1

37fd7b13c31c181008d169c3f361be9638523757
SHA256

03d3f50ec835b954138a3d287bd8efc66ffb322ea209fa9d18c7c9b77d4e4616
SHA512

1bc1b9cb80e48ba8040023f056a10c11d6c27a92e1a963f49fbc87db753486fa058c1fa68b120ec5da50fff8cd465557e35dbb5cc4e02ae7dbe6ad378f4181cc
SSDEEP

192:aLQCmGibbMh2jf3gEhGr/fmy7mrRewJhIFaSBIdPLweYx:aLZQ3fhi/f17mrRewHIFtBaPLi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0b1dfb0455c17e76620ade5448e33c3_JaffaCakes118

Files

e0b1dfb0455c17e76620ade5448e33c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3a008f4f08a505723cdb1f0aaf0d3a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
VirtualProtectEx
GetThreadContext
CreateProcessA
GetCommandLineA
SetThreadContext
ReadProcessMemory
ResumeThread

user32

GetDC

gdi32

SetTextColor
GetTextColor

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE