0c2c8ce8e4748d0fa0a009af4922f7b0_JaffaCakes118 | Triage

Sharing

General

Target

0c2c8ce8e4748d0fa0a009af4922f7b0_JaffaCakes118
Size

22KB
MD5

0c2c8ce8e4748d0fa0a009af4922f7b0
SHA1

46014a03ef964fcf4a9e5349f176e9a287f8ac3b
SHA256

de9843f9d533574fbce3d903adbad0930a764110c3c889db75577aba16fe05c0
SHA512

d0f94a0fe298384185ff5242208dec789a98c2be8071f82539b82179d66260ec790c4be842d93b4c5b1764d46ea58649d28f3dc182be88898e8f0f9a1fc64b51
SSDEEP

384:IOOv1s4N1PWTwdz1kmOGoicwSiLyknoGEsLHRi5XQQSxZyOzoEFP03c1lJ2:IOtGoxwhykokxiXQQK9oUP03c1l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c2c8ce8e4748d0fa0a009af4922f7b0_JaffaCakes118

Files

0c2c8ce8e4748d0fa0a009af4922f7b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

965e785e8641e06f8d56f9726b38f884

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegSetValueExA
AdjustTokenPrivileges

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteFileA
FindResourceA
GetEnvironmentVariableA
GetFileSize
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GetTickCount
LocalAlloc
LocalFree
MoveFileA
MoveFileExA
OpenMutexA
ReadFile
SetCurrentDirectoryA
SetFilePointer
Sleep
TerminateProcess
WinExec
WriteFile
lstrcatA
lstrlenA

user32

EnumWindows
ExitWindowsEx
GetDlgItem
GetWindowTextA
PostMessageA
wsprintfA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE