4baac505905f81bc8041adf689c99437_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4baac505905f81bc8041adf689c99437_JaffaCakes118
Size

40KB
MD5

4baac505905f81bc8041adf689c99437
SHA1

420c414a2733b4a937247dbdc059d2209d35c76d
SHA256

03abfaaf848a32f28d9914786bd5c6cccd497726c3d12576cb4a8ea50a6014e9
SHA512

7203d92d3be482f4f8ce15b0ff72b662709d7aa03879ff005e3d939293137f86b3ed985dc7a5715ba9176ec4d40bafedc64b4037f4c3de4c17220a5be6dc2542
SSDEEP

768:YFMIbiJf6X8e8asfy/U1LBNLkeCHNFvtku3iSTA8IphpdfUKntM:YFXiJG8/aM1LDzCtFvtkalTAjPZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4baac505905f81bc8041adf689c99437_JaffaCakes118

Files

4baac505905f81bc8041adf689c99437_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c49334c81a12ce6451e02771b7a14177

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFileAttributesA
lstrcmpA
GetVolumeInformationA
WriteFile
DeviceIoControl
GetDiskFreeSpaceA
SetFilePointer
CreateFileA
lstrlenA
lstrcatA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
ExitProcess
GetCurrentProcessId
GetFileSize
LocalAlloc
ReadFile
LoadLibraryA
GetProcAddress
OpenProcess
GetEnvironmentVariableA
CloseHandle

wininet

HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpSendRequestExA
InternetConnectA
InternetWriteFile

advapi32

RegSetValueExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegCreateKeyA

shell32

ShellExecuteA

user32

wsprintfA

ntdll

RtlAdjustPrivilege
wcslen
_allmul
NtQueryInformationProcess
_chkstk
strlen
memcpy
mbstowcs
memset

psapi

EnumProcessModules

msvcrt

free
srand
malloc

Sections

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE