3bd000284699c4342267bd473dd14e8e_JaffaCakes118 | Triage

Sharing

General

Target

3bd000284699c4342267bd473dd14e8e_JaffaCakes118
Size

36KB
MD5

3bd000284699c4342267bd473dd14e8e
SHA1

3380885f4fc4853d32482963fb77e5abb3b7095a
SHA256

0191cac2657e1a2c8f1669ce82d0a6fe8328cfa1aa66ac8f51f74def59c0c598
SHA512

097ca4d26786e61a026e3ab642fe8d7dfc19507dc4e122793c601caf51e0852c2060e8bda736ea810b5d605347b3629d2d5955279c15f250846573780be71bca
SSDEEP

384:PhfohK86pddylKqvv3d7yz4TaAXUOaKeGTEOtNWieTWZvz:Z0KFOlKqv1Sw7XUOa0ERy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bd000284699c4342267bd473dd14e8e_JaffaCakes118

Files

3bd000284699c4342267bd473dd14e8e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1890eccccc8c9072b09f27c25804ec9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord1248
ord1165

msvcrt

_adjust_fdiv
malloc
_initterm
free
wcscpy
_wstat
_wutime
wcschr
wcslen
wcscat
exit

kernel32

lstrcatW
CreateFileW
WriteFile
MoveFileExW
GetModuleFileNameW
CloseHandle

advapi32

CloseServiceHandle
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
StartServiceW
LockServiceDatabase
ChangeServiceConfig2W
UnlockServiceDatabase
CreateServiceW
OpenServiceW
RegOpenKeyExW
OpenSCManagerW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ