119d7459952a2ad3a46cf86e6b08dc9e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

119d7459952a2ad3a46cf86e6b08dc9e_JaffaCakes118
Size

42KB
MD5

119d7459952a2ad3a46cf86e6b08dc9e
SHA1

242b700c7a5d4f254ff6fe8e1b895e0a0ff71e1d
SHA256

1568ea71792211c65216b1beacf1eba92f2f24db0e9fd0ee6dd0f03ebd0388a0
SHA512

71cb07bddf2d919b5ba38d1c84bb7550ee2dd69fe6201e9f628497f5ff9fc5c5c2cd60d2d2ff8ef4292f9cf4d9ca4874a96992d85bc47f442a727fb481e951a0
SSDEEP

768:DzsqxSB6IDhKuc+P4wn8BDeY16Pk9oP52UsQu:3DG0uc+G0YgnoUsV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
119d7459952a2ad3a46cf86e6b08dc9e_JaffaCakes118

Files

119d7459952a2ad3a46cf86e6b08dc9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2eb25a24b53968c55797929a03bb3b67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
ExitProcess
GetCommandLineA
GetExitCodeThread
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
Module32First
Module32Next
OpenMutexA
OpenProcess
ReleaseMutex
Sleep
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA
ResumeThread
GetPriorityClass
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
CreateFileA
CopyFileA
TerminateProcess
CloseHandle

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyA

shell32

ShellExecuteA

user32

FindWindowA
GetWindowThreadProcessId

Sections

Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE