3daaea9b43190c8f45922efe649aa231_JaffaCakes118 | Triage

Sharing

General

Target

3daaea9b43190c8f45922efe649aa231_JaffaCakes118
Size

25KB
MD5

3daaea9b43190c8f45922efe649aa231
SHA1

fe7481066ab3a6ef3bde29ad7c1d9710dc575e77
SHA256

623b4793279c026468b5db3a0a85e07272e0a10b8483b20a250d3e628998f3ce
SHA512

bbc4e4863a639924b6445027207128734ee62aca2183048438dfb6133b74d9e60071f3fce7b77d0e43ad843e0ffa035075546cd9a3d70aa7192b54d810145fcf
SSDEEP

384:YCpiy7/tdye0KwvDno5ZKZ66z0Ir/ynvw:YCXvSKwvDno5ZK46QIjsvw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3daaea9b43190c8f45922efe649aa231_JaffaCakes118

Files

3daaea9b43190c8f45922efe649aa231_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39f1b70496a17906e588c57956e69617

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
WaitForSingleObject
CreateThread
GetProcAddress
Sleep
WriteFile
CreateFileA
DeleteFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
CopyFileA
GetCurrentThreadId
GetShortPathNameA
GetModuleFileNameA
OpenProcess
TerminateProcess
CreateEventA
OpenEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
LoadLibraryA
VirtualFree
VirtualAlloc
GetCurrentProcess
GetTempPathA
CloseHandle
GetStringTypeW

user32

FindWindowA
GetWindow
EnumThreadWindows
GetWindowTextA
GetClassNameA
PostMessageA
GetMessageA
GetInputState
PostThreadMessageA
TranslateMessage
DispatchMessageA

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyExA
LookupPrivilegeValueA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ