0d95a1342e4b3d4e37e52b5d1d999fc2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d95a1342e4b3d4e37e52b5d1d999fc2_JaffaCakes118
Size

22KB
MD5

0d95a1342e4b3d4e37e52b5d1d999fc2
SHA1

0734b427cbf0c7926884392baec9b4171a5216d7
SHA256

d4ca4ee5e0652852497041d7be9e82b7d5a2e3d93fc3a1e23c7b7dd2ca755995
SHA512

9f5ea6edc333725d95502e185448f981d442c02b7f1d8bda123de3ea644e4fc6b4c96a93d210f2be70e1c5c7afba9621c33adaaf30b2bb6616f521c5ace8c4be
SSDEEP

384:BIjT9Z7b4sGEvHD2N1/E+M8hQgRiE3A6nKtTELEEDcF+pwfYOhDX9zoHWAV:By9Z4Avg1snYliE3A6JE1VPhDRRAV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d95a1342e4b3d4e37e52b5d1d999fc2_JaffaCakes118

Files

0d95a1342e4b3d4e37e52b5d1d999fc2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff3357c629adaa00f6f0d86be23f113e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetFileTime
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleA
GetProcessHeap
ResumeThread
GetPriorityClass
OpenProcess
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
GetProcAddress
FreeLibrary
GetVersionExA
GlobalMemoryStatus
CloseHandle

user32

CharLowerA

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE