ebd50e43d2a5a9e421667a607362524b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebd50e43d2a5a9e421667a607362524b_JaffaCakes118
Size

3KB
MD5

ebd50e43d2a5a9e421667a607362524b
SHA1

2aa86ddeb392d119b7e941b020fdd3f2e0313f7c
SHA256

96725382c959b625f8156237cff9513342a19dc8efc20376bdb720ecf2438449
SHA512

1bd98ff4c29772e82ae6b5a91fd00b0bb1d377e00697c1ba8e67bc91957e0098e4b40696facfcc0d3576ac5c1c03790e1a9596b0bedf458aa9796172363daeb2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebd50e43d2a5a9e421667a607362524b_JaffaCakes118

Files

ebd50e43d2a5a9e421667a607362524b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b6256050feacb53921708912f8250e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetLastError
GetProcAddress
FindClose
LoadLibraryA
Process32Next
GetModuleFileNameA
FindNextFileA
CreateDirectoryA
CloseHandle
CreateThread
lstrcpyA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
lstrcatA
CreateEventA
lstrlenA
Sleep
TerminateThread
OpenProcess
SetEvent
WaitForSingleObject
Process32First
FreeLibrary
CreateToolhelp32Snapshot

advapi32

StartServiceCtrlDispatcherA
RegCloseKey
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
OpenProcessToken
CreateProcessAsUserA

user32

FindWindowA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE