f8699d8b54c965e4ef78aaebf3cd28fa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8699d8b54c965e4ef78aaebf3cd28fa_JaffaCakes118
Size

31KB
MD5

f8699d8b54c965e4ef78aaebf3cd28fa
SHA1

e4eb32f32c3b60129e37aedb005f3e3e82f85e76
SHA256

cb7736fa2f3cccc542e9de32397d54c386e7a2912950c692535ff2c068cf5208
SHA512

d4e3ecf892ae6647cb74e52b060ccf8466871975e1c36ba98c04ea7fba43344859f5adf6968f032524a286bed4d761f8de93807f5811d53c1ee3b974411c4719
SSDEEP

768:JI+1TPBcb7OcaTve0gyBaxtg9tMg5LmiBKF:JIz7kVgyBB4gkUKF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8699d8b54c965e4ef78aaebf3cd28fa_JaffaCakes118

Files

f8699d8b54c965e4ef78aaebf3cd28fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8b3a4c8893fddeed4e8e064f2658112

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wtoi
malloc
strchr
wcscpy
wcscat
__mb_cur_max
wcscmp
strtoul
sprintf
wcschr
realloc
fclose
atoi
wcsncat
exit
memcpy
_wfullpath

advapi32

QueryServiceConfigA
LookupPrivilegeValueW
CloseServiceHandle
StartServiceA
MapGenericMask
GetSidIdentifierAuthority
AddAce
RegConnectRegistryA
QueryServiceObjectSecurity
AdjustTokenPrivileges
RegEnumValueA
GetKernelObjectSecurity
RegQueryValueExA
SetTokenInformation
AddAccessAllowedAce
RegOpenKeyExA
QueryServiceStatus
ControlService

kernel32

RaiseException
GetFileAttributesA
SizeofResource
MulDiv
GetSystemInfo
EnterCriticalSection
RtlUnwind
CloseHandle
UnhandledExceptionFilter
GetCurrentThreadId
FreeEnvironmentStringsA
GetStringTypeA
TlsAlloc
GetTickCount
GetUserDefaultLCID
HeapCreate
DeleteFileA
LoadLibraryA
SetUnhandledExceptionFilter
FindClose
GetTimeFormatA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ