Static task: static1
Behavioral task: behavioral1
Sample: 8784b2a1fa901cc974c0b2205b0b05d7_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8784b2a1fa901cc974c0b2205b0b05d7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 8784b2a1fa901cc974c0b2205b0b05d7_JaffaCakes118
Size: 30KB
MD5: 8784b2a1fa901cc974c0b2205b0b05d7
SHA1: 9e5aa5bbd31e72dfdbeb3715f55078e6eef7118a
SHA256: 30d39c189790a4e0ce518635795f27613ef3d698b4a23da691ab044e7a0e0e15
SHA512: ec431b4aaceea4311eba643c4f30c2f16cdae532cc95203d0a1846d4cc2582a980867dad12a7ede6b8cfe37bf2d30a534605909de0c3d527bbb647679eced695
SSDEEP: 768:HoDv+50Py8S1rpRo0IoZrxpglcOVaxFbB:HAvcDR2i0LVaPbB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8784b2a1fa901cc974c0b2205b0b05d7_JaffaCakes118
Files
8784b2a1fa901cc974c0b2205b0b05d7_JaffaCakes118.exe windows:5 windows x86 arch:x86
d96864b73c0cab0ace99401e4207c915
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SizeofResource
CreateProcessA
GetStartupInfoA
Sleep
CloseHandle
GetTempPathA
CreateFileA
GlobalAlloc
WriteFile
GetTickCount
LoadResource
FindResourceA
LockResource
user32
GetClassNameA
wsprintfA
FindWindowExA
EnumWindows
GetWindowTextA
PostMessageA
advapi32
CloseServiceHandle
DeleteService
CreateServiceA
OpenSCManagerA
ControlService
OpenServiceA
msvcrt
memcpy
memset
Sections
.text Size: 1024B - Virtual size: 876B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ