4d0482f86f32a94e34875fd0620c203d_JaffaCakes118 | Triage

Sharing

General

Target

4d0482f86f32a94e34875fd0620c203d_JaffaCakes118
Size

27KB
MD5

4d0482f86f32a94e34875fd0620c203d
SHA1

739e38a96e0d2a50b9c7b4841fd4610a4cd86736
SHA256

639ec122a6e277fe951a683cbaaaf8a636e092c636eecff95043b98520392a52
SHA512

713d1f4bf21ab9fd40299487e42434d9e91415a4b4b5742ba88acd080837468b81cdd64b5615eee357e523620f55d8ba1deb18bed4a1b23ce9bb5709a0e59c7f
SSDEEP

768:MUajjxLfEZpDH5yODacfoe9vA/9TZpkYUVFZ3/d/:MnjVLfEZph+cfoiU9PkYUVFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d0482f86f32a94e34875fd0620c203d_JaffaCakes118

Files

4d0482f86f32a94e34875fd0620c203d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1c854b46681e4aed2e0884ab2414ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ExitProcess
SetFileAttributesA
GetVolumeInformationA
GetStartupInfoA
GetModuleHandleA
CloseHandle
GetModuleFileNameA
GetSystemDirectoryA
_lcreat
_lwrite
_lclose
WinExec
CreateFileA
OpenProcess
DuplicateHandle
GetCurrentProcess

user32

SetTimer
GetMessageA
TranslateMessage
KillTimer
DispatchMessageA

advapi32

CreateServiceA
OpenServiceA
ControlService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
DeleteService
OpenSCManagerA

msvcrt

__p__commode
_controlfp
sprintf
fclose
fwrite
fread
fopen
??2@YAPAXI@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_strupr
__p__fmode
__set_app_type
_except_handler3

shlwapi

PathFileExistsA

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA

iphlpapi

GetAdaptersInfo

Sections

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE