260107cff8aeb16cb7d1fa20dd7e5749_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

260107cff8aeb16cb7d1fa20dd7e5749_JaffaCakes118
Size

15KB
MD5

260107cff8aeb16cb7d1fa20dd7e5749
SHA1

16b925a0bae7ad715b96d07dd185b6cbc847b531
SHA256

8364139b5630e0317acddc18b5d90d76cd294a79aa072dd19432ab64cc98fc14
SHA512

c45f8c84d367a6a2ba30de77f2d4e28d6dc1b740352dd20e29f311db9efb12ad601fec81f11a1e3cd662423797a413e1a7c86b7aad3b3315862f6b9bc0f01530
SSDEEP

384:MV6A4Bu8JxGo5dTTky35IoxGUPtptbgSog1:MV6fu8Jxv5dfkyCvsQSH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
260107cff8aeb16cb7d1fa20dd7e5749_JaffaCakes118

Files

260107cff8aeb16cb7d1fa20dd7e5749_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c01bf6e52a94263ad7d09ebe1091487f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetTickCount
GetModuleHandleA
FindClose
WriteFile
FindFirstFileA
CopyFileA
LockFile
GetCurrentProcess
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersionExA
CreateProcessA
CreateFileA
CloseHandle
GetCurrentDirectoryA
Sleep
DeleteFileA
DeviceIoControl
LoadLibraryA
GetProcAddress
ExitProcess
FindNextFileA
GetFileAttributesA

user32

SetClassLongA
IsWindowVisible
InvalidateRect
MessageBoxA

advapi32

ControlService
DeleteService
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenServiceA
QueryServiceStatusEx
StartServiceA
CloseServiceHandle
CreateServiceA
GetTokenInformation
OpenProcessToken
RegEnumValueA
RegDeleteKeyW
OpenSCManagerA
RegDeleteValueA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE