5c0d8fd4393c5265965c336ee255c639_JaffaCakes118 | Triage

Sharing

General

Target

5c0d8fd4393c5265965c336ee255c639_JaffaCakes118
Size

140KB
MD5

5c0d8fd4393c5265965c336ee255c639
SHA1

b16c4ad5b19529fe6a9e181af71e32f6aadf9b6a
SHA256

2b252ac87736605a73874ee282b811f53b62c9ba2f3df58b5ed08fa72c50326a
SHA512

0c59b0e0a07fe27fd65c91e69992c76a0d8922610630362bb93402699a73d7db2dad00fb5b276cf8c519aa9de4962db7e0ad1414f004057f554afdbce04e89f5
SSDEEP

3072:IFj7iKNLGD+7AOAnkLtjTEvcg/XL6x//Ed5xj1:crLGimkLtjg/Xg/A5xj1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c0d8fd4393c5265965c336ee255c639_JaffaCakes118

Files

5c0d8fd4393c5265965c336ee255c639_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bcfecd1c4f0c671f4cd77f76a1cb475d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CreateFileA
GetLastError
DeviceIoControl
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetProcAddress
lstrcatA
Process32Next
FindResourceA
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetCurrentProcess
LoadLibraryA
GetModuleFileNameA
LoadResource
LockResource
SizeofResource
WriteFile
FreeResource
CloseHandle
lstrcpyA
lstrcmpiA
lstrlenA

advapi32

DeleteService
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ChangeServiceConfigA
ControlService

Exports

Exports

testall

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE