f093fd162ed350be382c1488d1c1ca0d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f093fd162ed350be382c1488d1c1ca0d_JaffaCakes118
Size

7KB
MD5

f093fd162ed350be382c1488d1c1ca0d
SHA1

cdd99257749e55929ce18af60254b3346c5ad064
SHA256

3894e5a11ac596cb07b5f316297d9ec5efea48222b1bb088ba3370012b7457b3
SHA512

55071a4c93ee511126940a7724c9607e9a874fb2105f85ff1c29c4c324eb9770f7fa51ab2db5e2623503a3006b3e8ee239d72284e115bfff74d2232601a11146
SSDEEP

192:qlGUOHbzKEKA304r/ra6qvoLE3VYlfq7:QGUk+Ez9qvoiVG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f093fd162ed350be382c1488d1c1ca0d_JaffaCakes118

Files

f093fd162ed350be382c1488d1c1ca0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7dcf827d7b0db0eb3a28109e3a312411

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
strstr
NtQueryInformationProcess
RtlZeroMemory

shlwapi

PathFileExistsA

psapi

GetProcessImageFileNameA

kernel32

lstrlenA
lstrcpyA
lstrcmpiA
lstrcatA
OpenProcess
LoadLibraryA
CloseHandle
CreateMutexA
ExitProcess
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree

user32

UpdateWindow
TranslateMessage
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
GetMessageA
LoadCursorA
PostQuitMessage
RegisterClassExA
SetTimer
ShowWindow

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ