ce69a59a202f11fbcfdd8c9436f7e95a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce69a59a202f11fbcfdd8c9436f7e95a_JaffaCakes118
Size

10KB
MD5

ce69a59a202f11fbcfdd8c9436f7e95a
SHA1

714cbb2b5f2d5956834a5501d0676b5bc6bc6e17
SHA256

fa06eb21931368589cb2da611cc15ac3edd4a70c7c2e3b1b7a7fde29628563da
SHA512

b8fc9957e099efc06bc5c7be8cf87c66be34b15ce94050b79d8015df71fa02539665694a742bd68cf224dc626dbd81c6c33ca3a26c1ac948283114fe68c4e8da
SSDEEP

192:i53ufQdmgknIg3mWoAyn1uGvvRfccucAUPu:UUmm9n1XoAyn1/VqcAUPu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce69a59a202f11fbcfdd8c9436f7e95a_JaffaCakes118

Files

ce69a59a202f11fbcfdd8c9436f7e95a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

44fa3e1e1faf00814d2169c7261f77b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
GetWindowsDirectoryA
Sleep
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
GetCurrentProcessId
ExitProcess
DeleteFileA
LoadLibraryA
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GlobalAlloc
LoadLibraryExA
GlobalFree
FreeLibrary
DeviceIoControl
GetLastError
CreateFileA
WriteFile
WinExec
CloseHandle

user32

MessageBoxA

advapi32

OpenProcessToken
AdjustTokenPrivileges
QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
LookupPrivilegeValueA

shlwapi

SHDeleteKeyA

msvcrt

fscanf
??2@YAPAXI@Z
fopen
printf
fclose

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE