48162eb49f3dc2d082411e481631c0eb_JaffaCakes118 | Triage

Sharing

General

Target

48162eb49f3dc2d082411e481631c0eb_JaffaCakes118
Size

17KB
MD5

48162eb49f3dc2d082411e481631c0eb
SHA1

581880e1f94bd98cfd324d2403e55d8d26779ba3
SHA256

a2bfd337d300c15fe2ea2cc2e81852eb851bf3cb2efae96d8e64b6620fd29b9d
SHA512

09f6757df600dd734d3b82d30a54f560970ca7372779065642e991e102589cdb7356e28edbc2b35a7c571717acc1e72c0635db92b6b5ebe62ef3bbbf2dc36b1a
SSDEEP

384:wfj1WZQjXwRhecuYHcx60fQL75qTWn4ZOSG2:4JwUcl8kK2ETeeO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48162eb49f3dc2d082411e481631c0eb_JaffaCakes118

Files

48162eb49f3dc2d082411e481631c0eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1aa54bb6141a47450a224e5240315095

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
sprintf
_mbsrchr
_stricmp
_strnicmp

kernel32

GetStartupInfoA
GetSystemDirectoryA
GetModuleFileNameA
CopyFileA
VirtualFreeEx
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
SetLastError
GetCurrentProcess
GetLastError
GetCurrentThread
WriteFile
Sleep
CreateFileA
SetFileAttributesA
LockResource
LoadResource
FindResourceA
MoveFileExA
GetTickCount
GetTempPathA
SizeofResource

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
CreateServiceA
CloseServiceHandle
StartServiceA
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shlwapi

SHSetValueA

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ