Sample: 0fe4b4bd551980f9ad8684e9fb794ba8_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 0fe4b4bd551980f9ad8684e9fb794ba8_JaffaCakes118
Size: 15KB
MD5: 0fe4b4bd551980f9ad8684e9fb794ba8
SHA1: de79d25a3f0c18a946e0362ca421b85831550316
SHA256: 5a2c95899417216a4a39ebc24ec17823f2562ace1b59dbd169178f094a9f367a
SHA512: cdc7e4baf0da156c6e70f13dd7c4578b38b916aa301284ad8a185526767a57ea270e7fb354a3adb3c2e903cca93d4d7c06f0b1dcff82729ecce467f4ef8ee011
SSDEEP: 192:+b+vbRI4/1Iqkj6mFDmNCy2D/Ed+vuG6SuFLdBs2u/zL0Zb0jbNP4oy:M+vbRI4/qqG1FDHYd+mGgkMZwjN4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0fe4b4bd551980f9ad8684e9fb794ba8_JaffaCakes118
Files
0fe4b4bd551980f9ad8684e9fb794ba8_JaffaCakes118.exe windows:4 windows x86 arch:x86
1a8eeb64719cee9cb34e94d0f042818a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
DeleteFileA
ReadFile
Sleep
SetFileAttributesA
WriteFile
CreateThread
GetCurrentDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetCurrentProcess
CloseHandle
GetCurrentThread
CreateFileA
SetThreadPriority
lstrcpyA
lstrcatA
GetLocalTime
user32
FindWindowExA
FindWindowA
wsprintfA
SendMessageA
advapi32
AdjustTokenPrivileges
SetEntriesInAclA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
LookupPrivilegeValueA
OpenProcessToken
BuildExplicitAccessWithNameA
shell32
SHChangeNotify
shlwapi
SHDeleteValueA
SHDeleteKeyA
SHSetValueA
msvcrt
rename
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
strlen
memset
memcpy
strchr
sprintf
memcmp
_except_handler3
_exit
_XcptFilter
exit
__p___initenv
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ