4628a0d7413deddab31f060b3673fbb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4628a0d7413deddab31f060b3673fbb4_JaffaCakes118
Size

11KB
MD5

4628a0d7413deddab31f060b3673fbb4
SHA1

9ceaf375e9e8926fcdc09381ad4a31383a3b9838
SHA256

688ae9576f3b5173618d6c6b26823da459901f65dd91b30ddd504b4b8d6a94f8
SHA512

6dd7ea053e3faba3063611066a4297bea24c97a143a23bf6ad59c2e7b0cf2d2183f3b66ece8adfe2109c8086df5f3399c202315ac0877c58e9627b3cabfed8df
SSDEEP

48:UZkqIpwQV7dGg4BgCCxAslE/lEfwXFae2:F9pLICxplelZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4628a0d7413deddab31f060b3673fbb4_JaffaCakes118

Files

4628a0d7413deddab31f060b3673fbb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

254b782ba700c093b9ef1bc4a2808a90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadContext
ContinueDebugEvent
WaitForDebugEvent
SetThreadContext
WriteProcessMemory
lstrcpyA
ReadProcessMemory
CreateProcessA
GetProcAddress
GetModuleHandleA
lstrcmpA

user32

PeekMessageA
DispatchMessageA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE