Static task: static1

Behavioral task: behavioral1
Sample: 0f0d90cb2861d4a4c98b717851061230_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 0f0d90cb2861d4a4c98b717851061230_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0f0d90cb2861d4a4c98b717851061230_JaffaCakes118
Size: 5KB
MD5: 0f0d90cb2861d4a4c98b717851061230
SHA1: 58666195f70e923921128c7a8293e4dc2cda6f6a
SHA256: 02da6ef7079a9df9945eb7c0a79fedbaec56a425d85cd7e81ab5750193a0dd26
SHA512: 5f5c0ae3eba1f6718df03edaa85b296dd4651a374adf510afaf8dd167b08c1d0dd20ee2761a09106ca779db98ef9487a52ab0c0a72c854133bc0ebca4f6de6e0
SSDEEP: 96:O1ZjAk1jIsC8AoP05ic31zlc2Xm0muIHbTMDUD:cZjjIsC8AoP05icnbm0muIHXMD8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0f0d90cb2861d4a4c98b717851061230_JaffaCakes118
Files
0f0d90cb2861d4a4c98b717851061230_JaffaCakes118.exe windows:4 windows x86 arch:x86
b60ae4f9c23dd15bf4d35a9bb6b04fab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WideCharToMultiByte
GetModuleFileNameW
lstrcpyA
lstrcatA
CreateEventA
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
ExitProcess
GetModuleHandleA
SetEvent
CreateThread
CreateProcessA
ExitThread
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadFile
GetCommandLineA
WriteFile
FindNextFileW
Sleep
GetModuleHandleW
advapi32
RegOpenKeyA
RegQueryValueExA
RegCloseKey
user32
CreateWindowExA
CharUpperA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
DestroyWindow
PeekMessageA
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE