844ba1da1f62d9d0ff9083d2bb79ee61_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

844ba1da1f62d9d0ff9083d2bb79ee61_JaffaCakes118
Size

27KB
MD5

844ba1da1f62d9d0ff9083d2bb79ee61
SHA1

6a333553abd6b2b61ad8da64f85fbf8b9f748106
SHA256

dac694908e32e0ace9a4fe9ca43f69784b0006e75eeaf111b5693d8bf7ca540d
SHA512

69b13d59432985735681be2e6989b8bc688319f14a355b57bfacf33c7b75f58f3ede1cce44a562bd66c42f34fe85e48519e56eb1a4b09a0a326e4e472b154cba
SSDEEP

768:Jtw38paOxGoWFN+SIul+QQXzm9cUbOAaq:EkLLXzm7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
844ba1da1f62d9d0ff9083d2bb79ee61_JaffaCakes118

Files

844ba1da1f62d9d0ff9083d2bb79ee61_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b4f56662d57ea880af3d7add32bc4ac0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
Sleep
lstrcpyW
GetModuleFileNameW
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
UnmapViewOfFile
ReadProcessMemory
CreateThread
CreateFileMappingW
GetFileSize
CreateFileW
lstrcatW
GetSystemDirectoryW
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
OpenProcess
lstrlenW
CreateEventW
WaitForSingleObject
DeleteFileW
GetTempPathW
GetTickCount
MoveFileW
MoveFileExW
CloseHandle
TerminateThread
MapViewOfFile
ExitProcess

user32

wsprintfW

advapi32

LookupPrivilegeValueW
RegisterServiceCtrlHandlerW
RegOpenKeyW
RegQueryValueExW
SetServiceStatus
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shlwapi

SHDeleteKeyW
StrRChrW

Exports

Exports

Launch
ServiceMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ