ebda87a8d88dedefa10183ba617db293_JaffaCakes118 | Triage

Sharing

General

Target

ebda87a8d88dedefa10183ba617db293_JaffaCakes118
Size

30KB
MD5

ebda87a8d88dedefa10183ba617db293
SHA1

859d2c6339b5ec7620508866efe954bb1db548d2
SHA256

3d760304d7080c7c21803c832dfe297938b31fbdf873cd3ab6a9d0cd44d7b6b6
SHA512

a35ed14dee8eecdc9602786e19136236fadbe3981ea6e26437fac3abe952eaeec2b22603a1417768108673a500947cb121fe4c0c2deb3efe1e4bc2c403f47af4
SSDEEP

768:+O8CVgvhyj1DaVrnMU2s55555CIPWoFhgu7:Yhyj1DGPqyWo3g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebda87a8d88dedefa10183ba617db293_JaffaCakes118

Files

ebda87a8d88dedefa10183ba617db293_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ec90a3bfc571b6593cc1f88325d17f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__p__fmode
__set_app_type
_controlfp
__setusermatherr
_initterm
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
fopen
memcpy
fclose
fwrite
??3@YAXPAX@Z
_snprintf
strcat
time
srand
_acmdln
_except_handler3
rand
sprintf
malloc
strcpy
free
strlen
memset

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

wininet

InternetOpenUrlA
InternetOpenA

netapi32

Netbios

kernel32

GetCurrentProcessId
SetFileTime
GetStartupInfoA
GetLastError
CreateFileA
lstrcatA
GetFileAttributesA
LoadLibraryA
GetProcAddress
GetTickCount
GetVersionExA
GetSystemDirectoryA
GetFileAttributesExA
CloseHandle

advapi32

CreateServiceA
OpenSCManagerA
DeleteService
CloseServiceHandle
OpenServiceA
StartServiceA

shell32

SHGetSpecialFolderPathA

Sections

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ