5f906db23bcba62643c9bdfb80717879_JaffaCakes118 | Triage

Sharing

General

Target

5f906db23bcba62643c9bdfb80717879_JaffaCakes118
Size

237KB
MD5

5f906db23bcba62643c9bdfb80717879
SHA1

56b150e2ddbd2d9b136d03285c83620a3a269847
SHA256

c186f5c8607e648638be0ee9668a2e798cd9db496914115cf408aa381bbb5b9d
SHA512

41c50c1e8731148aaa09fbc0342ca10b5a34e38ae27430d8318825bbd2104f5781af84b61cdf50a5e0adba93523810ed6df8e8b5f12929002deb5414b9c57226
SSDEEP

6144:9RtVXeyRzEGCb9QuRBcDhJa35iQwHf1yjwMIY8Z+ABci:nDbzEtb9zRBan3H4jPIiAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f906db23bcba62643c9bdfb80717879_JaffaCakes118

Files

5f906db23bcba62643c9bdfb80717879_JaffaCakes118
.exe windows:4 windows x86 arch:x86

850c1296474ee96964a9a9cb3c15e4f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
FindFirstFileA
GetVersionExA
GetTickCount
GetModuleFileNameA
WaitForSingleObject
CreateThread
Sleep
MoveFileA
WriteFile
GetModuleHandleA
GetLastError
FindClose
FindNextFileA
MoveFileExA
GetFileAttributesExA
CreateFileA
SetFileTime
CreateProcessA
CloseHandle
GetSystemDirectoryA
WinExec
GetTempPathA
DeleteFileA
GetTempFileNameA
GetProcAddress

advapi32

OpenSCManagerA
RegCloseKey
DeleteService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegEnumKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

isalpha
isdigit
atoi
srand
rand
??2@YAPAXI@Z
printf
sprintf
strrchr
strcpy
__CxxFrameHandler
_EH_prolog
strlen
memset
strcat
strcmp
strchr
_strlwr
_snprintf
memcpy
_stricmp
??3@YAXPAX@Z

shlwapi

SHSetValueA
SHGetValueA
SHDeleteKeyA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 16B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ