2f9f09673d09f36fefce4630314de9d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f9f09673d09f36fefce4630314de9d2_JaffaCakes118
Size

31KB
MD5

2f9f09673d09f36fefce4630314de9d2
SHA1

ddaf9d691d65be015c56cbd19d697d2be448c4ba
SHA256

c9cfa49fed97742ed25d12d06c23d32df081121c238e2f761ca0b1a48bb27786
SHA512

9b5df8d6ca4fff90717c9bf89a62043d2b795ca4cd32ac7ab7378dbca41e73e973d1e2c5f3d60ca141806b073f35cd02cfa781686850e826b50523584bb2e1db
SSDEEP

768:oKNg/P4foWs4nF7tlj7aFFC/aNAgWil0g3I+:oKNAP4fo4x+owAgR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f9f09673d09f36fefce4630314de9d2_JaffaCakes118

Files

2f9f09673d09f36fefce4630314de9d2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ed1cfad9c34bd15927812be43c1e6f5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteFileA
ExitThread
GetCommandLineA
GetSystemDirectoryA
LoadLibraryA
OpenProcess
Process32First
Process32Next
SetEndOfFile
SetFilePointer
Sleep
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

Sections

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE