3f6156e076e9f53e2ffd2e94ee7d4f8e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f6156e076e9f53e2ffd2e94ee7d4f8e_JaffaCakes118
Size

104KB
MD5

3f6156e076e9f53e2ffd2e94ee7d4f8e
SHA1

4ae70cac269983ce3f7c19d81a58b0f857176488
SHA256

76e38d64ebd9d1099ba3bcf44b59650e82709f6b763bf98bab24bd32dbd518b8
SHA512

849564b836a8824a74df6c4f0f3e5227843cf3c3485c626cf1c03463096a162818adeed35906efda68da9b9c61c6c13c954ae1ab1e49df7750dc8266a1549130
SSDEEP

3072:7qd3Ceo9FIGXGRL9DHOZ/xaRteliqd3Ceo9FIGXGRL9DHOZ/xaRtel:md3aywIRtQd3aywIRt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f6156e076e9f53e2ffd2e94ee7d4f8e_JaffaCakes118

Files

3f6156e076e9f53e2ffd2e94ee7d4f8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd81af950bfaf79ab62ba708d1d455da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceW
OpenSCManagerW
ControlService
OpenServiceW
CloseServiceHandle

ntdll

ZwQueryValueKey
NtCreateFile
NtSetInformationFile
ZwOpenKey
ZwSetValueKey
ZwCreateKey
RtlAllocateHeap
_stricmp
NtQueryInformationFile
NtReadFile
NtWriteFile
ZwEnumerateKey
RtlFreeHeap
NtQuerySystemInformation
NtClose

kernel32

MoveFileExA
GetModuleFileNameA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE