5525428db29f6bae5f4d43683e855b70_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5525428db29f6bae5f4d43683e855b70_JaffaCakes118
Size

5KB
MD5

5525428db29f6bae5f4d43683e855b70
SHA1

99da69ed934a79da5c8ddd6b3c7fe5acac8356fb
SHA256

01d91a0832f63f090ab3746390fe09732eac3d437fbcc14ff3201d9fa5c40b8e
SHA512

58a4d5ff3a74d0d0543e972ed590eb90e85b5669fd352687b1dd33908c7684be335dcdeb0231dc0ca1d60cd04bd77b4cc6c2631676a5f3a80469135640d72c96
SSDEEP

96:RySwUSDHtdX1ArpU4jdSLAOJ4sq+hPtboynYf3Qb:eU0ahjUb4shhP1oynYf3c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5525428db29f6bae5f4d43683e855b70_JaffaCakes118

Files

5525428db29f6bae5f4d43683e855b70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d4f492106d8933c89c773fa0039ceda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
CopyFileA
Sleep
CloseHandle
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetLocalTime
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetModuleFileNameA
CreateProcessA
GetModuleHandleA
GetStartupInfoA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
OpenProcessToken

shell32

SHGetSpecialFolderPathA

msvcrt

strlen
strcpy
strcat
memset
sprintf
strcmp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE