Static task: static1
Behavioral task: behavioral1
Sample: 894ca13976856b45022dc214896571eb_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 894ca13976856b45022dc214896571eb_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 894ca13976856b45022dc214896571eb_JaffaCakes118
Size: 33KB
MD5: 894ca13976856b45022dc214896571eb
SHA1: 872477032db2c0910e72726d0c460507234e172d
SHA256: d80e61d5419148aef8731f32177c31464c1839d521c748e404edb896d593921a
SHA512: f7d72c194405c5ce29e27d498f47fc080215f37077cc953ab4c468572878a08602850add03f30f0f66cee09249d1efba0e0e870b0c66352166e6a6baeb19bbc0
SSDEEP: 768:QXxa09D1XgUz9G8hdBuv+CLiVAoNuhO2p0ha:yo8hzuvHyA/c2pr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 894ca13976856b45022dc214896571eb_JaffaCakes118
Files
894ca13976856b45022dc214896571eb_JaffaCakes118.exe windows:4 windows x86 arch:x86
50194329e039f7615142f3ed88f7fc7f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
RtlUnwind
CreateFileA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
WriteFile
CloseHandle
CreateProcessA
ReadFile
IsDebuggerPresent
advapi32
CreateServiceA
CloseServiceHandle
StartServiceA
OpenSCManagerA
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 682B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ