f9b08e2649f5a51dfd83061fd2894d82_JaffaCakes118 | Triage

Sharing

General

Target

f9b08e2649f5a51dfd83061fd2894d82_JaffaCakes118
Size

35KB
MD5

f9b08e2649f5a51dfd83061fd2894d82
SHA1

437a2747e4e707ef65660e9598446379d8c39def
SHA256

cfeb734f86149b2b9271d4a1fa6ab0e274da0e6df5004bc3756e2ab5eaef5baa
SHA512

cbcc310d07cc8355cd40f3b30bccc71bc69fb68fd897bab50ea00230c39890ec45ab223cfe084582a880d2d8bc7d1aafc8607f6565f2bf71798baf3410f41de3
SSDEEP

768:HGxw0GKR5TDzlJeZoC81zJwK6JzcHhMmASff+ZG/B1KKtLoxbjaYRlagrlVX:HGxOKnPXtC81zJwK6JzcHhMfSnpBkK1k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9b08e2649f5a51dfd83061fd2894d82_JaffaCakes118

Files

f9b08e2649f5a51dfd83061fd2894d82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf74188e666687089c90723b5fd27662

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetSystemDirectoryA
Process32Next
lstrcmpiA
Process32First
TerminateProcess
GetCurrentProcess
Sleep
MoveFileA
GetWindowsDirectoryA
DeleteFileA
FreeLibrary
WaitForSingleObject
CopyFileA
lstrcatW
GetWindowsDirectoryW
GetVersionExA
GetLastError
DeviceIoControl
FreeResource
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalFree
GlobalAlloc
VirtualFreeEx
CloseHandle
GetModuleHandleA
LoadLibraryA
OutputDebugStringA
GetProcAddress

advapi32

ControlService
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
OpenServiceA

shell32

ShellExecuteA

msvcrt

fprintf
strcat
strlen
fclose
fopen
strcpy

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ