0fafd2708e93dff6eef28590e609e1fc_JaffaCakes118 | Triage

Sharing

General

Target

0fafd2708e93dff6eef28590e609e1fc_JaffaCakes118
Size

28KB
MD5

0fafd2708e93dff6eef28590e609e1fc
SHA1

8b02d07718130bb401d4f76b5d6a7832aea2788f
SHA256

f45444efbbb8607b6d5f794db2bf40f7b2a31709fbe2a975ee19f9ede9372302
SHA512

a49938823c25eee839024f0cc4d5bc8435f6b90a3198c18df807f1d9b6c32eec9d32eec5f5b55ab555120cf738500a64a5b4b6e1140558376f5120bc15e0ca82
SSDEEP

192:oL95dIm0esghYlrQXtyAJ6mZBdZD3BRc/QuuPLPSJxhrMTdG0BK2wYiYUZIqU7YH:oLlmxoy86mllBRwdxhr7U6C3AbJoh3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fafd2708e93dff6eef28590e609e1fc_JaffaCakes118

Files

0fafd2708e93dff6eef28590e609e1fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c396c2d285c4a86b1578ac84a73d8c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
OpenProcess
MultiByteToWideChar
lstrcatA
GetProcAddress
LoadLibraryA
CreateProcessA
VirtualProtectEx
VirtualAllocEx
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetCurrentProcess
CreateRemoteThread
lstrcpyA
GetSystemDirectoryA
GetStartupInfoA
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetModuleHandleA
FreeLibrary
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW

user32

MessageBoxA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE