566ae768ea2f28a6447ab9208bd7a898_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

566ae768ea2f28a6447ab9208bd7a898_JaffaCakes118
Size

30KB
MD5

566ae768ea2f28a6447ab9208bd7a898
SHA1

c5376285aaa8868324bc8e622b7c0ad1248b4c26
SHA256

72846201552a936ce4528e1bdcc456e54058f74e627850564e0cf04442558246
SHA512

8e2c710462bcf738c9e3873c91640944287000e878b6b6ecb9c34e02140858570a66bf93504398b68a9decf826326e53b7955750f018bc2db93e4db729f58664
SSDEEP

768:/vlLBdBVltSya/awwZzpfn1WjLc2IxHUw0mQMGyz:/vhB9blWabnv0jfmH3Gyz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
566ae768ea2f28a6447ab9208bd7a898_JaffaCakes118

Files

566ae768ea2f28a6447ab9208bd7a898_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2550fcc0100cc2c5b2926f743f0a9b5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__getreent
__main
_impure_ptr
atoi
calloc
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
getopt_long
kill
malloc
optarg
opterr
optind
optreset
perror
printf
puts
realloc
sprintf
strcmp
strrchr
strtol
strtoll

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
GetCurrentProcess
GetLastError
GetModuleHandleA
OpenProcess
TerminateProcess
WaitForSingleObject

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE