ea9f84d9592cecd8e9fab716014d18e1_JaffaCakes118 | Triage

Sharing

General

Target

ea9f84d9592cecd8e9fab716014d18e1_JaffaCakes118
Size

12KB
MD5

ea9f84d9592cecd8e9fab716014d18e1
SHA1

706888ca8b0708df671b67845347e39fa4deffc8
SHA256

1adec165ba1327f66cbc983263a24104bb5a05aee98adbfdb0093803b825e27d
SHA512

738a9d1b39ef489da92a75dce1ac234d32aebba3957539762165f68647d3b78b173d5b9916c889a0a95f26d18c50936887a49449adb1e5a04c879cfaeab71a5c
SSDEEP

192:3Z+Bop6OzJeigxArooL+oRMUcwBWOK7oQFEMFCV9k/R+nnKiGa73PuA9V:3Z+26Ok3xUoo4iWOK790kcn5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea9f84d9592cecd8e9fab716014d18e1_JaffaCakes118

Files

ea9f84d9592cecd8e9fab716014d18e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a824f9b5670f930b0da66723e7b3827d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetProcAddress
ExitProcess
GetSystemTime
GetTickCount
lstrlenA
GetCurrentProcess
LoadLibraryA
CloseHandle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE