Static task
static1
Behavioral task
behavioral1
Sample
a4e0173952119b2a010d393b683d89a4_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target
a4e0173952119b2a010d393b683d89a4_JaffaCakes118
Size
102KB
MD5
a4e0173952119b2a010d393b683d89a4
SHA1
c543dd7bebb8a62475ec5da0ffe27974cb06a749
SHA256
892218af1f4e6279153e32f132c7c1ba1e16b15abec44272a4b2ac8b80a456d6
SHA512
481c96c7ea064d11cbb4e4358e45e963be9ff4af3ac9be2cea1abfa1ec68a4b68e67a6f991198cf407bd1c2dfc327198fc9be7c458a5cc563ea83a74d5bac702
SSDEEP
3072:WNx8uOzNO6HJAcvddItPqbhFVgka7Kce8LL1/:JtNOkfIxqbfJaOceWLp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a4e0173952119b2a010d393b683d89a4_JaffaCakes118
Files
a4e0173952119b2a010d393b683d89a4_JaffaCakes118.exe windows:4 windows x86 arch:x86
16e24f8e1af55473c540c2b1406a0c91
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesExA
CreateProcessA
MoveFileA
GetTempFileNameA
SetFileTime
GetTickCount
GetModuleFileNameA
GetSystemDirectoryA
DeleteFileA
MoveFileExA
DeviceIoControl
CloseHandle
CreateFileA
GetTempPathA
GetWindowsDirectoryA
advapi32
DeleteService
OpenServiceA
CloseServiceHandle
OpenSCManagerA
ControlService
msvcrt
memset
_strlwr
swprintf
strlen
fclose
fwrite
fopen
strncpy
fread
strcat
strcpy
sprintf
_stricmp
strrchr
rand
srand
_snprintf
setupapi
SetupIterateCabinetA
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 16B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ