e2334419301ff0cbb65ee9705d145ca4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2334419301ff0cbb65ee9705d145ca4_JaffaCakes118
Size

28KB
MD5

e2334419301ff0cbb65ee9705d145ca4
SHA1

692b58b79ff7b3f2401aca459f86492f65dffd52
SHA256

5dffbb5da136a7a0873244baf72cf6f96b533c71f025087b4c7350869836da69
SHA512

ee935a7cc95a55932b66f85618d1151f55f26a86db53815247f4dae92dc5062bd72166ebc5698097658dc3edc4bb937402ba78fd39c606e714d289f8189b4852
SSDEEP

384:9qKChF+ugkA8eRbPlbK7uFrDAjTphEB8+kWUPCkc4AdQ7j:9qJh98lK7uFrq9FXzAKn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2334419301ff0cbb65ee9705d145ca4_JaffaCakes118

Files

e2334419301ff0cbb65ee9705d145ca4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

538614a6c1945ea27251baeac2279642

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
fopen
fclose
sprintf
_mbsicmp
printf
fprintf
_beginthread
_mbscmp
__CxxFrameHandler
_mbsnbcpy
_mbsnbicmp
sscanf
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z

mfc42

ord6877
ord6394
ord6383
ord5440
ord5450
ord2818
ord537
ord540
ord800
ord2107
ord2841
ord3663
ord860
ord941

kernel32

GetFullPathNameA
GetLastError
LoadLibraryA
FreeLibrary
WaitForSingleObject
TerminateThread
CloseHandle
GetCurrentProcess
DuplicateHandle
OpenProcess
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetModuleHandleA
GetProcAddress
GetVersionExA
QueryDosDeviceA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE