fab295802a96503352a7a326ed2b2b61_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fab295802a96503352a7a326ed2b2b61_JaffaCakes118
Size

48KB
MD5

fab295802a96503352a7a326ed2b2b61
SHA1

70da6840ebdb5bc86d43d4a4c644e7206e9b247c
SHA256

2e641fbbaed1cc8336f1f74f9c622d8a1cd2cf86f55047c3e8dbfa02f526eca2
SHA512

5ef545c156ac614ae96016f6508feda06b1285223008a89bde78d44a656422d3b41b17db539d1599c83b00a3f3439a38516ecbb14c460fb8a142b19498f690e8
SSDEEP

1536:x0mqDTUU6FALTigOS+bZd8kOBZn5ZskZ+G/HDr:x0iRgOPVd8kOBTLwGv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fab295802a96503352a7a326ed2b2b61_JaffaCakes118

Files

fab295802a96503352a7a326ed2b2b61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

34b33fe7380b4e65c37c9788df90277b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA
SHSetValueA
StrChrA
PathRemoveExtensionA

kernel32

GetCommandLineA
GlobalAlloc
Sleep
GetSystemDirectoryA
lstrcatA
FindFirstFileA
WriteFile
CopyFileA
SetFileAttributesA
GlobalFree
FindClose
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
CreateMutexA
CloseHandle
CreateThread
WaitForSingleObject
SetErrorMode
lstrlenA
CreateFileA
GetLastError
lstrcpyA

user32

LoadIconA
wsprintfA
TranslateMessage
KillTimer
CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
SetTimer
MessageBoxA
RegisterClassExA

advapi32

CloseServiceHandle
StartServiceCtrlDispatcherA
EnumServicesStatusA
OpenSCManagerA
RegEnumKeyExA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
CreateServiceA

shell32

Shell_NotifyIconA
ShellExecuteA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ