63533b81a74bcc6535c8dfe6cfa8c29a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63533b81a74bcc6535c8dfe6cfa8c29a_JaffaCakes118
Size

76KB
MD5

63533b81a74bcc6535c8dfe6cfa8c29a
SHA1

cf8d5c7b6e2369c1b008b06b1f4c658a98573bb8
SHA256

0ad8e6e916171421b4a17b9d9d27ed82531e1bc4d66795012f0e377f4bf5bc61
SHA512

9a22b0267f937275fce3b887c3d145145ab4560b866745d19339f8350abd5ac47aa5b12bf3cab86704f1798f894fa67957a157ee00c12e4b8fe98b7b769ad191
SSDEEP

1536:9uKR64CnNZaY4h8H0/LRll4e2GLhg6L3lpQUp+Tk/UggtJsU:9pRYNuSyLRlaXG7L1YpJJsU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63533b81a74bcc6535c8dfe6cfa8c29a_JaffaCakes118

Files

63533b81a74bcc6535c8dfe6cfa8c29a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7875be5f670d6af52aedf1eab4d256f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
DeviceIoControl
GetVersionExA
GetModuleFileNameA
GetLastError
GetTickCount
GetFileAttributesExA
FindNextFileA
FindFirstFileA
MoveFileExA
Sleep
MoveFileA
CreateFileA
DeleteFileA
SetFileTime
CloseHandle
GetSystemDirectoryA
WinExec
GetTempPathA
GetTempFileNameA
FindClose

advapi32

RegOpenKeyExA
RegCloseKey
OpenSCManagerA
DeleteService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegEnumKeyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

_strlwr
isalpha
_onexit
__dllonexit
sprintf
strrchr
strcpy
__CxxFrameHandler
strlen
memset
strcat
strcmp
strchr
_snprintf
_stricmp
isdigit
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
srand
memcpy
atoi

shlwapi

SHDeleteKeyA
SHSetValueA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 16B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ