3b8d8c8466809a90c385040e30f89fba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b8d8c8466809a90c385040e30f89fba_JaffaCakes118
Size

21KB
MD5

3b8d8c8466809a90c385040e30f89fba
SHA1

55501c2d0355dd6ebeae21c9da97a6deb7ddce45
SHA256

c024bdc8d73ff3958a71417992c9cb9eccbf2db256b7b3402c06cf595eb19377
SHA512

24ca58e41898d26ae53d291539336ecf4618e652fd09c8353892a46b01caaaf0423daa0466268387dee6bbd37ae1d3566bdf3cd675524243fde126249677f668
SSDEEP

384:HCaID9wtTyO0fL3DnodPEWMXyHspAloy0+H:HCaIJw1WfL3Dnod6yHJlop+H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b8d8c8466809a90c385040e30f89fba_JaffaCakes118

Files

3b8d8c8466809a90c385040e30f89fba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

23259e931734382dd888211de53b7c38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
WaitForSingleObject
CreateThread
GetProcAddress
Sleep
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
CopyFileA
DeleteFileA
GetCurrentThreadId
GetShortPathNameA
GetModuleFileNameA
TerminateProcess
OpenProcess
CreateEventA
OpenEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
LoadLibraryA
VirtualFree
VirtualAlloc
GetCurrentProcess
GetTempPathA
CloseHandle
GetStringTypeW

user32

FindWindowA
GetWindow
EnumThreadWindows
GetWindowTextA
GetClassNameA
PostMessageA
GetInputState
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyExA
LookupPrivilegeValueA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ