a77ae8729043e3c8b9f3cf63aeeb63d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a77ae8729043e3c8b9f3cf63aeeb63d7_JaffaCakes118
Size

10KB
MD5

a77ae8729043e3c8b9f3cf63aeeb63d7
SHA1

396ac5393e3607df0575e4f0009eadac84587dfd
SHA256

279e661334c16d20424f8af713d2f4998ef7ada1907674dfcc900d9a24a94a0f
SHA512

2b792a2f663333a478deba9a6b7e482a000e8b379068d9a0f062a9ae053917287c5448f190f992071b51d649d6768b2cb18ac703ee41328fe7ccf2d0cd7a1e25
SSDEEP

192:4B+7vEg/QsIo38FJVpJqulAdz4se9vQnPoi7:/Ytlgz4sBnPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a77ae8729043e3c8b9f3cf63aeeb63d7_JaffaCakes118

Files

a77ae8729043e3c8b9f3cf63aeeb63d7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

15bd2e22b626b1ddc075192cebc3de8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_strcmpi

kernel32

LoadLibraryA
MoveFileA
GetLastError
TerminateProcess
OpenProcess
GetProcAddress
CreateToolhelp32Snapshot
lstrcmpiA
DeleteFileA
SetLastError
lstrcpyA
lstrlenA
GetCurrentProcess
CloseHandle
lstrcatA
GetWindowsDirectoryA
GetPrivateProfileStringA

user32

wsprintfA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegSaveKeyA
RegRestoreKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ