448320d4f2f12b3554f2b64ac80c4682_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

448320d4f2f12b3554f2b64ac80c4682_JaffaCakes118
Size

13KB
MD5

448320d4f2f12b3554f2b64ac80c4682
SHA1

372a84c4eb7a62ae98ac8deb053f34222a40a2b3
SHA256

1ed9ae16322cf091e038ea432b7b875ea7518dd68f54f798b4093bbab9cd287c
SHA512

73b5c248b2f9dd6057b481262735c28315aab54d1dd0d039fbb817327bf570b6132c5b2d57a4f4b0088d19e948d6b20d2dee05b57d731d8d9ca438a696b29277
SSDEEP

192:HqKNUKfi2OFzNQ36X+uroMGaPFY68sGymD1M9opZRRMRA2pYr6UcnsivWwS26/v:HqK+Kfq5ggMMbbu9dEYrxcLvWwS2Sv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
448320d4f2f12b3554f2b64ac80c4682_JaffaCakes118

Files

448320d4f2f12b3554f2b64ac80c4682_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8f9d54d11db7551f5cb25d4ecb1ebb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
VirtualQuery
GetModuleFileNameA
LoadLibraryA
FreeLibrary
DeleteFileA
GetCurrentProcess
GetModuleHandleW
GetProcAddress
RtlUnwind
CloseHandle
HeapReAlloc
ExitProcess
GetModuleHandleA
GetCommandLineA
OpenProcess
GetShortPathNameA
GetEnvironmentVariableA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
lstrcpyA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
VirtualAlloc

user32

MessageBoxA
ExitWindowsEx
wsprintfA
CharUpperA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
LookupPrivilegeValueA
RegEnumKeyA

shell32

ShellExecuteExA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE