322dd6065cb1c6496d534e42ffecb2f8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

322dd6065cb1c6496d534e42ffecb2f8_JaffaCakes118
Size

16KB
MD5

322dd6065cb1c6496d534e42ffecb2f8
SHA1

9de6cd63735ea1c0f3dd20e0c1361cac79c1a28d
SHA256

8ab9df37ad9e71576e569fd037fa3200b40f1ea2e3a27f69512f4c0e5bc77c76
SHA512

daa262a5b1d8009be3d92c1d78d751f18ac07f855aa2bdd914f40e4d364c668669ccf2cae208758cdce8c6f63cbcbbb56d103acbfb3c90d33249659211de21dc
SSDEEP

96:hCq057eOVb0g3lb4RiyIPvdtI1/ZUXyYJv4DlvaP4oynyQYkR:hdAj33lbRVtI1/OXyYh4xaP4oynyQYk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
322dd6065cb1c6496d534e42ffecb2f8_JaffaCakes118

Files

322dd6065cb1c6496d534e42ffecb2f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05dbc20246dae79b5348bb624eede4c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6877
ord533
ord5194
ord5778
ord6407
ord537
ord1997
ord798
ord540
ord2818
ord823
ord535
ord800

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__CxxFrameHandler
_mbsrchr
rand
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
time
srand

kernel32

LoadLibraryExA
GlobalFree
lstrcpynA
FreeLibrary
DeviceIoControl
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Sleep
GetSystemDirectoryA
GlobalAlloc
CloseHandle
CreateFileA
lstrcpyA
GetLastError

user32

FindWindowA
GetWindowThreadProcessId

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CloseServiceHandle
StartServiceA
CreateServiceA
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
SetServiceStatus

shlwapi

PathFileExistsA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE