Static task
static1
Behavioral task
behavioral1
Sample
fb76153ae13362dcd9063db5237d3d79_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
fb76153ae13362dcd9063db5237d3d79_JaffaCakes118
Size
19KB
MD5
fb76153ae13362dcd9063db5237d3d79
SHA1
d958747740f489aba04a4687194ecfaeb2b072c9
SHA256
399b1e7dba00bea05af28dc6681b35ddaacc6039ccc4ba3352f8f40dc3582f62
SHA512
89210d7ae883e01cc454c22b66c63bd69e4e77e4577fe9f695c09865e2e2433b1dd457e9245c7a5ab5b4bd4240c020a9f1a624211a5b18ddfc3ae53c905f3901
SSDEEP
384:7kvwm1F00Q+ifkS3iOSH1thfz+SPIQdBBR6Kc:7kom1G0Q+ifUOSVjNdQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fb76153ae13362dcd9063db5237d3d79_JaffaCakes118
Files
fb76153ae13362dcd9063db5237d3d79_JaffaCakes118.exe windows:4 windows x86 arch:x86
fbdb2a253adddb844cd57839dc1ee036
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenProcess
MoveFileExA
GetTempFileNameA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
CopyFileA
GetFileAttributesA
lstrlenA
GetDriveTypeA
TerminateProcess
GetModuleHandleA
Sleep
GetModuleFileNameA
MoveFileA
GetLastError
GetTickCount
ReadFile
SetFilePointer
GetLogicalDriveStringsA
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
GetCommandLineA
Process32Next
user32
wsprintfA
GetInputState
PostThreadMessageA
GetMessageA
advapi32
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
dbghelp
SearchTreeForFile
msvcrt
exit
sprintf
??2@YAPAXI@Z
memset
strstr
strncpy
strcpy
??3@YAXPAX@Z
_stricmp
_access
Sections
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ