Static task: static1
Behavioral task: behavioral1
Sample: b4ac06a8d86b8db9ac4c5191b3cd5883_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b4ac06a8d86b8db9ac4c5191b3cd5883_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b4ac06a8d86b8db9ac4c5191b3cd5883_JaffaCakes118
Size: 140KB
MD5: b4ac06a8d86b8db9ac4c5191b3cd5883
SHA1: d4d111ca1f1d922dfca2ec0636ce3cdc2947959e
SHA256: 1949a9007b780c82b33144be2e2800b5cd45d3050e2a56fd907bfac70d3df8b0
SHA512: 0b5552858aa60380802a054389cdff83b76815cff65fcab3ae23dd81f16ec264dd3b785e89fd7610e4604da46c1b3f5ac7a9baaf9d7a07bf760a1deb52342e05
SSDEEP: 3072:6b6tl7P6kqtXQ6TgLxvt/kki88888888xb9C:6qPh6TgLxF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b4ac06a8d86b8db9ac4c5191b3cd5883_JaffaCakes118
Files
b4ac06a8d86b8db9ac4c5191b3cd5883_JaffaCakes118.exe windows:5 windows x86 arch:x86
69cb5d7c37886f3ca9be128aa00681d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
GetFileAttributesA
SetCurrentDirectoryA
GetWindowsDirectoryA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
CreateFileA
lstrlenA
GetSystemTimeAsFileTime
RtlUnwind
InterlockedExchange
VirtualQuery
WriteFile
CloseHandle
WinExec
WritePrivateProfileStringA
GetFullPathNameA
user32
wvsprintfA
advapi32
StartServiceA
CloseServiceHandle
CreateServiceA
EnumServicesStatusA
OpenSCManagerA
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 726B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ