6a6c20bfc620ddc2b1d688677104f28d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a6c20bfc620ddc2b1d688677104f28d_JaffaCakes118
Size

61KB
MD5

6a6c20bfc620ddc2b1d688677104f28d
SHA1

75739d86b9ddff902efda4630f8a1388023d1603
SHA256

0823bf9fe4a70fd516295aaa6738ff7e68171910c2f64d4edde0d0a344ddc3bd
SHA512

b1e14cce8dae552311a2119735833cc24fad016990a757e2685679fa0bfdb9ef280f93092bf7c6c824456dbc7540dff816cf4cdfdbb324e746561c6071ed2e09
SSDEEP

1536:uU1Hx5DoZXk9t2aPWeFPX4sJjE63d+UO7/W9x:n1Hn59sWWeFPTkef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a6c20bfc620ddc2b1d688677104f28d_JaffaCakes118

Files

6a6c20bfc620ddc2b1d688677104f28d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c8c47d3c68c9f9ab708007aa7cfbecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\PRIVATE\mydll\OUTPUT\Install.pdb

Imports

msvcrt

memcpy
srand
rand
??3@YAXPAX@Z

kernel32

GetFileAttributesExA
GetTickCount
SetFileTime
WriteFile
WideCharToMultiByte
GetCurrentProcess
GetFileAttributesA
TerminateProcess
ReadFile
GetSystemDirectoryA
GetLastError
SetFilePointer
GetModuleHandleA
WinExec
CloseHandle
CreateFileA
Sleep
GetModuleFileNameA

user32

wsprintfA

advapi32

OpenServiceA
OpenSCManagerA
StartServiceA
DeleteService
CreateServiceA
CloseServiceHandle

shlwapi

SHSetValueA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ