0d38b5f631e7168bc187f807c152eec7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d38b5f631e7168bc187f807c152eec7_JaffaCakes118
Size

6KB
MD5

0d38b5f631e7168bc187f807c152eec7
SHA1

9c05c40b18999c3edb6a4a2ba603e02c90363a60
SHA256

14a3a46e9f2b5699f335856e89dc6d10953502b6e3053fd298499101cddb0ae2
SHA512

7ed5837ecaea8aa1514eec91f0dac0a397819fd7bbc0d5ae60eea3fe2b484971b3550a44b37fe195eb5740bf9fc115b5b15e6f4e1012b57de64faa1e362ae44c
SSDEEP

96:hqwa6kmbrH9vdAHq9g6VRWfUCic4O/Acad6AmBmis5oUoyn:swaHmb5vdj9g6vWf7DoRZQmis5oUoyn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d38b5f631e7168bc187f807c152eec7_JaffaCakes118

Files

0d38b5f631e7168bc187f807c152eec7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

453951f48d8458a77c27fe5645395442

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
lstrlenA
WriteProcessMemory
Thread32First
CloseHandle
QueueUserAPC
OpenThread
LoadLibraryA
Thread32Next
CreateToolhelp32Snapshot
Process32First
CreateThread
Process32Next
GetLastError
Sleep
OpenProcess
GetModuleHandleA
GetStartupInfoA

advapi32

OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

msvcrt

_stricmp
_splitpath
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strpbrk
exit

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE