ef35c9e4e7793553561ffabffe08105a_JaffaCakes118 | Triage

Sharing

General

Target

ef35c9e4e7793553561ffabffe08105a_JaffaCakes118
Size

7KB
MD5

ef35c9e4e7793553561ffabffe08105a
SHA1

09c30f3e5699cbef475080a833672bfcdacc7dda
SHA256

c2109b33e8ae92c4000c0a795bbda692827e379d6efc5663370a2d6825a97a6f
SHA512

93429919896296d909cf4319c6519208bf527dc4446c3efac8bfae18dd7c6cca29bcfbd454e6dfb3c555f1f1b56137e0ac9b2434deccad79a6c5fd9eb6937ac1
SSDEEP

96:2/1k+yWmPkAccICRL0xbgpqgrMqfJd9GX7xd14Zg/dkf8nA2:ifJAZRL0KA1adO9/4ZidkUA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef35c9e4e7793553561ffabffe08105a_JaffaCakes118

Files

ef35c9e4e7793553561ffabffe08105a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00e824c99435859a7d1453edeb95a446

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
OpenProcess
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualProtect
Sleep
CreateRemoteThread
GetWindowsDirectoryA
WinExec
GetTempPathA
ReadProcessMemory
VirtualQueryEx
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateSemaphoreA
GetCurrentThreadId
CloseHandle
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
GetModuleFileNameA

user32

GetMessageA
PostThreadMessageA
GetInputState
FindWindowA
wsprintfA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyA
AdjustTokenPrivileges

iphlpapi

GetTcpTable

ws2_32

socket
gethostbyname
htons
connect
send
htonl
inet_addr
recv
closesocket
gethostname
WSAStartup

wininet

DeleteUrlCacheEntry
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

urlmon

URLDownloadToFileA

msvcrt

_strlwr
memcpy
memset
rand
srand
_stricmp
strlen

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE