44ad16455efc3051fd00fe73e3bb7e40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44ad16455efc3051fd00fe73e3bb7e40_JaffaCakes118
Size

12KB
MD5

44ad16455efc3051fd00fe73e3bb7e40
SHA1

198bd41511981e7307cc2513ce7030aa5b8e0c0d
SHA256

78f000c1901081a2b7f43e55843ba89b3ed2be2cab2c3c36f04c768800863940
SHA512

09125cf385d4c0cbdf540d05114b1e7b018c950ff44b6cebe8d4e3ed3103bf08b41045a45597d84b63a2c3746ea21a8a15724017b61c02b0f9b116a9f277238d
SSDEEP

192:5rfqZdzEvo1K2hhT4l1f3wyziSv3CIZcsDGl1Hh6FehNuyyCcxjJaAEJBjt:lyd4g1Kbl+2SIZcsDo1squy6xj4bb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44ad16455efc3051fd00fe73e3bb7e40_JaffaCakes118

Files

44ad16455efc3051fd00fe73e3bb7e40_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5fc1ff0fbf1b9c607663e56f5b5c6ce0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

isalnum
strrchr
strchr
strstr
sscanf
sprintf
memset
memcpy

kernel32

CreateFileA
GetFileSize
GetProcessHeap
WriteFile
GetCommandLineA
GetVolumeInformationA
TerminateThread
Sleep
ExitProcess
TerminateProcess
ReadFile
GetSystemDirectoryA
GetStartupInfoA
GetLongPathNameA
HeapFree
SetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetTempPathA
SuspendThread
CreateThread
GetProcAddress
LoadLibraryA
CreatePipe
HeapAlloc
CreateProcessA
CopyFileA

advapi32

ControlService
OpenSCManagerA
SetServiceStatus
StartServiceA
CreateServiceA
RegisterServiceCtrlHandlerA
ChangeServiceConfig2A
DeleteService
OpenServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ