fa726382ca90bda87f086e7943dedf74_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa726382ca90bda87f086e7943dedf74_JaffaCakes118
Size

9KB
MD5

fa726382ca90bda87f086e7943dedf74
SHA1

91a96d98fdf5c8e71cfb676873d1800c15f23c9f
SHA256

f45e8949f7e10e7d02e0d6c72e4ade0dec8e6242f9a3b7c0eea15cef46dbe2bd
SHA512

12dfeff6061d0c59932a6a3e87e63aa47090d5b7128e9389d7767b168aeff1a48367424cae7bda3f18188b13c9e78f13eb2ad480bf9f8b20a714c4200a4a0a8e
SSDEEP

192:MXgt0Krj4UKKVRx35heqfpWedHyDqSoDjZwFS5Xo9:4gt9fxqEyMjOS5Xo9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa726382ca90bda87f086e7943dedf74_JaffaCakes118

Files

fa726382ca90bda87f086e7943dedf74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce1ae9fec8111a7921e0e34f6c3e583c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
CreateRemoteThread
GetProcAddress
GetModuleHandleA
Process32First
VirtualAllocEx
OpenProcess
GetFileAttributesA
IsBadReadPtr
Process32Next
GetCurrentProcess
GetWindowsDirectoryA
CreateProcessA
GetModuleFileNameA
WriteProcessMemory
lstrlenA
ExitProcess
TerminateProcess
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
RtlUnwind
WideCharToMultiByte
LCMapStringA
LCMapStringW

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

Sections

.scode
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ