f71569246384cc9924fa6f220b87f375_JaffaCakes118 | Triage

Sharing

General

Target

f71569246384cc9924fa6f220b87f375_JaffaCakes118
Size

32KB
MD5

f71569246384cc9924fa6f220b87f375
SHA1

884ee712fc4ff1f89fa14f7bb44f9c6d605dc2c1
SHA256

90a09811f69e69819786f09d370dd5d5cd791fa70d20a35a1ec8f434fc426444
SHA512

3bbcfa7f1b02b1cdf487ad165bab4dfe376449921b18cd2adf7bc2b91770f24cf0dfa8cdb5691ca26c7fb000b0f6215aa4100c5b7acef464d2f0b51f4ca0e35c
SSDEEP

384:X6/HTnVSVzw14yjFnQUjoy23zfml3AOCcGG5i5Fu0FoS7Ulf:X6/znVPOcFQUjoHzsCyiPueoS7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f71569246384cc9924fa6f220b87f375_JaffaCakes118

Files

f71569246384cc9924fa6f220b87f375_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8156944599fcaead117608830396fb2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetCurrentProcess
GetVersionExA
LCMapStringW
ExitProcess
TerminateProcess
GetCommandLineA
GetVersion
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
GetLastError
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
ReadFile
LCMapStringA
CloseHandle

user32

ExitWindowsEx

advapi32

RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE