aa9140e400c515bd9b74cf1ae885f553_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa9140e400c515bd9b74cf1ae885f553_JaffaCakes118
Size

21KB
MD5

aa9140e400c515bd9b74cf1ae885f553
SHA1

38f9fab31fd6ba1ac01148674f3d0fc865e0ecf2
SHA256

5c3e68a8c134735898f47c6cb6b22a011a294ab65fc1dea7b7603737f685b489
SHA512

f3511dd10afb6732d8112bce7233f77c132e5701a6c00b95d3b00435ac4c133cb3bc7aff84d006e624e3053e8e7ab5020b7b7e23f2bd52b872c8c2887dd5c547
SSDEEP

384:faoC3QpPcLu4xTkg+wW5QDV08teHn+EgTWGYOf2OJ06dUb+m:faMwxpDV4+ECtfSJim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa9140e400c515bd9b74cf1ae885f553_JaffaCakes118

Files

aa9140e400c515bd9b74cf1ae885f553_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56910171d144fd97f8e8c27ee2db372d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
lstrlenA
GetProcessHeap
HeapAlloc
lstrcpyA
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetDriveTypeW
FindFirstFileW
FindClose
GetModuleHandleW
GetProcAddress
HeapFree
GetVersionExW
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
CreateFileW
DeviceIoControl
GetCurrentProcess
GetLastError
CloseHandle
FlushFileBuffers
WriteFile

advapi32

ControlService
StartServiceW
DeleteService
OpenServiceW
ChangeServiceConfigW
CreateServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceConfigW

msvcrt

wcsncpy
wcsrchr
wcscpy
printf
atoi
fopen
fgetc
fclose

user32

wsprintfW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE