4ca7bfed7aa4114656cbbf2ee80684f8_JaffaCakes118 | Triage

Sharing

General

Target

4ca7bfed7aa4114656cbbf2ee80684f8_JaffaCakes118
Size

116KB
MD5

4ca7bfed7aa4114656cbbf2ee80684f8
SHA1

8fe148a4acf83eb1c01fbf2ca8dc61c3d43ae6b3
SHA256

51ab3edd7006be89892ad851fa4471a071a0b28de8fea85904ccb83e3cce964a
SHA512

432fd226b75a074b5e63bfd14cc2948853d779c775745db1f213b070e1946fb0d2ab50e83f389f35ca661d756acc185aaac52ab59e08289ee3190d245a154daa
SSDEEP

3072:QUvu1ilO3RbXjB9p9K/SkMgtIyBzJJqJLEH0Ws:FvICO3RbTG/SPqIW0Ws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ca7bfed7aa4114656cbbf2ee80684f8_JaffaCakes118

Files

4ca7bfed7aa4114656cbbf2ee80684f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ad8a460f2c3f948cb97de761c5fb52a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

ntdll

NtAllocateVirtualMemory
memset
NtQuerySystemInformation
NtFreeVirtualMemory

user32

wsprintfA
GetDesktopWindow

kernel32

MoveFileA
DeleteFileA
GetTickCount
lstrcpyA
LoadLibraryA
Sleep
FreeLibrary
GetProcAddress
VirtualFree
LoadLibraryExA
VirtualAlloc
LocalAlloc
LocalFree
GetModuleHandleA
GetCurrentProcess
CloseHandle
WriteFile
CreateFileA
GetEnvironmentVariableA
lstrcatA
ExitProcess
GetShortPathNameA
GetModuleFileNameA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
lstrlenA
CreateProcessA

advapi32

StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle

shell32

ShellExecuteA

msvcrt

rand
srand
_onexit
__dllonexit

Sections

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE