c860eb7ea7b60eb68f467e0525aaa075_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c860eb7ea7b60eb68f467e0525aaa075_JaffaCakes118
Size

4.0MB
MD5

c860eb7ea7b60eb68f467e0525aaa075
SHA1

f47f971603e3ceeb456f75c1c9f89a866a5a7384
SHA256

40fd4378eb17587572ea0a078d9cae070fd0384c05580b2cc75a7286efbf4f74
SHA512

b067bbff34ed1e8aeb298babc9c34b26dedf88edbe16a646558d401cf64b91cd1e6ff5336f68ed3557094018604d4accb97bed531fbd05ee5ec74132bfab2fdd
SSDEEP

98304:Ufip/saImZo83AHNSVI0rP4zhU/xFcCfArWWj5yfq8odhwnR0K/b:uip/saxKHNR081+APyS80hwRp/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c860eb7ea7b60eb68f467e0525aaa075_JaffaCakes118

Files

c860eb7ea7b60eb68f467e0525aaa075_JaffaCakes118
.exe windows:5 windows x86 arch:x86

07cd3d0e749e9d16e7a2e0a943c78b7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA
CharUpperBuffW

advapi32

CreateServiceA

msvcrt

realloc

Sections

.text
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0e&
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fON
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YP\
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ