3177b3269c68680727e1f46b5af481bb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3177b3269c68680727e1f46b5af481bb_JaffaCakes118
Size

4.6MB
MD5

3177b3269c68680727e1f46b5af481bb
SHA1

7a0ca900e192be634427db24c6a473de949e7251
SHA256

47ddd18540a9d60f24450d45828b70aa6c05c47317d3cdf6cf04ebe0cc4a6bb3
SHA512

b62ca127653a04f625d55e0b24c6551b3014f774a7aa115a9b5bae556cf1416e7e39aedc23be5c5349737ed3e27cac851348569bbdbedaa0cc655da393bb092b
SSDEEP

98304:lJhEgA7f1C27xnRmKP8mRspE0Cz054ipGoY+vfyqayotnQtPFsLa1m1aA:lJu5trVnRmG8mpdis1+iblnQtPSLa1mF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3177b3269c68680727e1f46b5af481bb_JaffaCakes118

Files

3177b3269c68680727e1f46b5af481bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abc870c215cb518822c012bd3c984af4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
Process32First
Process32Next
RtlZeroMemory
GetProcAddress
VirtualProtectEx
WriteProcessMemory
lstrcatA
lstrcmpiA
GetModuleHandleA
GetModuleFileNameA
GetCommandLineA
ExitProcess
CreateToolhelp32Snapshot
VirtualAllocEx
CloseHandle

advapi32

OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
StartServiceA

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 750B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE