Static task: static1
Behavioral task: behavioral1
Sample: 30096f35fad59a9f4777c9a8c345e963_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 30096f35fad59a9f4777c9a8c345e963_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 30096f35fad59a9f4777c9a8c345e963_JaffaCakes118
Size: 11KB
MD5: 30096f35fad59a9f4777c9a8c345e963
SHA1: 468f62bd33ad0d4c97f9a56a23746d0d0dcebc55
SHA256: 639a25c35825d4caf56f4ab62756e607dfa7eb1f15e08662694829b3cbb30d2e
SHA512: ccd13e4d5be374abf959586a9c40a9c989a0b207f38c82e023eee6ae20f80a936dc088cf7fd098f2c88495e65695229eee33430f6b8566de7bcb4bf1d491216c
SSDEEP: 192:3sV1TaBkBxe/0qyAIzvycMNL4DqIk+7GvuSGUTpiTc/eGg:7SeM3DycaAbETpEc/eGg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30096f35fad59a9f4777c9a8c345e963_JaffaCakes118
Files
30096f35fad59a9f4777c9a8c345e963_JaffaCakes118.exe windows:4 windows x86 arch:x86
9d2ad9b4638ef63952981a6448278054
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GetSystemDirectoryA
GetVolumeInformationA
MoveFileA
OpenProcess
SetFileTime
GetModuleHandleA
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA
GetModuleFileNameA
GetLastError
GetFileTime
GetCurrentProcess
ExitProcess
DeleteFileA
CreateRemoteThread
CreateProcessA
CreateFileA
Sleep
CloseHandle
user32
ExitWindowsEx
FindWindowA
GetWindowThreadProcessId
advapi32
RegDeleteKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
ole32
StringFromCLSID
CoTaskMemFree
CoCreateGuid
wininet
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ