Static task
static1
Behavioral task
behavioral1
Sample
fbc168a309974d415eb4f3636074c8ef_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
fbc168a309974d415eb4f3636074c8ef_JaffaCakes118
-
Size
24KB
-
MD5
fbc168a309974d415eb4f3636074c8ef
-
SHA1
7f1953cb7720942de5367f3e94fabd53ad1bd33b
-
SHA256
ad537227d8de83645c6e3909fd7b186151d40ce099fad430a92e98c36c2bc6b1
-
SHA512
de3eb62fe5ae2724a4fbeb6479c01b5213a36b1ddb7d70dbfed3b495a9be0d5461c3486cd7372497bebff86f75200de30bf4049a2c8ec70a0e48a9506fe5d6e7
-
SSDEEP
192:aD4fbLiSkLp2g993QH9u+oAZvtM1SyfsYSm19sO0TRnIEjH2p:akkHK9LoB1Dfsnmr10T6ErG
Malware Config
Signatures
-
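Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The file carries no signature, so its publisher and integrity cannot be verified that way; many legitimate binaries are also unsigned, so treat this as a weak indicator on its own.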
resource fbc168a309974d415eb4f3636074c8ef_JaffaCakes118
Files
-
fbc168a309974d415eb4f3636074c8ef_JaffaCakes118.exe windows:4 windows x86 arch:x86
80d4997c35d4b8215965915549576ab9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strncpy
strncmp
_ftol
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
_strnicmp
user32
MessageBoxA
wsprintfA
kernel32
CreateProcessA
WriteFile
GetStartupInfoA
CreateFileA
WaitForSingleObject
GetModuleHandleA
GetModuleFileNameA
GetTempPathA
GetProcessHeap
ExitProcess
HeapAlloc
CloseHandle
IsBadReadPtr
CopyFileA
HeapFree
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 868B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE