eafb7b63f248160382796c5309caa434_JaffaCakes118 | Triage

Sharing

General

Target

eafb7b63f248160382796c5309caa434_JaffaCakes118
Size

22KB
MD5

eafb7b63f248160382796c5309caa434
SHA1

b6475936e50aeb1eca13ff4ec0964503ab7c4a40
SHA256

408fd3ae722f4a7f027909bf83a0aaa9b1f4ab1812b592bcbc8e139ef4c82fb4
SHA512

138bde7b8686ad054ea171300885ed01d9354cdfb4f712d5d8ed5c4a34fc4ea0b20f5e74536101b1af16358a9c74a0f3fa1d1057d460df104be3e5dd035d8e55
SSDEEP

384:BIhT9Z7b4sGEvHD2N1/E+M8hQgRiE3A6nKtTELEEDc8+pwfYOhDX9zoHWmb:BE9Z4Avg1snYliE3A6JE1WPhDRRmb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eafb7b63f248160382796c5309caa434_JaffaCakes118

Files

eafb7b63f248160382796c5309caa434_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff3357c629adaa00f6f0d86be23f113e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetFileTime
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleA
GetProcessHeap
ResumeThread
GetPriorityClass
OpenProcess
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
GetProcAddress
FreeLibrary
GetVersionExA
GlobalMemoryStatus
CloseHandle

user32

CharLowerA

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE