b455b85484cddf441aa588262fec85b6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b455b85484cddf441aa588262fec85b6_JaffaCakes118
Size

109KB
MD5

b455b85484cddf441aa588262fec85b6
SHA1

10b3ded341f28baf32b868696e8fa0c2db603fe4
SHA256

c1ebe814962416a00044c734008889689b62330efbe848bc77eb4733a2a27626
SHA512

8bc3417baaa5e7c78040884efd628f672e18da75eede76e8b04b84d2ee82a227b1aa5bb274b3cde75cf8d004efa72f59f88706cb2bf51d0a77251dc6726e508b
SSDEEP

1536:pq2x6nKxVXGyxeWTR0AHJJaymJ/y7owAm/MrdEVt/DO:QygKxVXJpERy7owrYdEHDO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b455b85484cddf441aa588262fec85b6_JaffaCakes118

Files

b455b85484cddf441aa588262fec85b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f096467654b09614167fcfff4823ddc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
DeleteFileA
GetCurrentThread
GetCurrentProcess
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
SetThreadPriority
GetProcAddress

advapi32

CreateServiceA
ChangeServiceConfig2A
OpenServiceA
StartServiceA
OpenSCManagerA

shell32

ShellExecuteExA
SHChangeNotify

mfc42

ord815
ord1575
ord823
ord561
ord825

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
wcscpy
wcslen

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ