1656c4b69cf68ed423b27f67a50f30e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1656c4b69cf68ed423b27f67a50f30e3_JaffaCakes118
Size

60KB
MD5

1656c4b69cf68ed423b27f67a50f30e3
SHA1

6390f1f373236a592ac61b2554b2f8a8298dd83c
SHA256

e713a56d140861fbf3d45d929d488c9aef618f8cf1843406fe3c03cdf6f3fab4
SHA512

e20a146985d5b08c6b95ffac1e6110dc201e7646dcde2395674faee88cb73a21325afc0f3bcf4ce5ec10f735eecd592530003555a12bde32d539b1acae02012b
SSDEEP

768:E/cEPPbiW50gXk6Awvy91AC7lXL7PTkEaxyRC:XEPPp50W6B1X7lbLTkE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1656c4b69cf68ed423b27f67a50f30e3_JaffaCakes118

Files

1656c4b69cf68ed423b27f67a50f30e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39e238c67e6960e087cd103c5e5d38b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ReleaseDC

kernel32

ExitProcess
FindResourceA
GetCommandLineA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
LoadResource
LockResource
MoveFileExA
OpenProcess
Process32First
Process32Next
DeleteFileA
SizeofResource
Sleep
TerminateProcess
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
CreateFileMappingA
MapViewOfFile
ReadFile
ReadProcessMemory
SetFilePointer
UnmapViewOfFile
lstrcmpA
CreateToolhelp32Snapshot
CreateRemoteThread
CreateFileA
CopyFileA
CloseHandle
RtlZeroMemory

advapi32

RegRestoreKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

Sections

VBS000
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VBS001
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VBS002
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE