cf303150e6f4847f600a4abe1a4b9986_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf303150e6f4847f600a4abe1a4b9986_JaffaCakes118
Size

45KB
MD5

cf303150e6f4847f600a4abe1a4b9986
SHA1

cae0fe86263d10ac2df1302e4a4f7db901127442
SHA256

754ac7f10fa838863d866916f9cb73d19ee1fee68360fa21cff76fdfd34d3429
SHA512

36447660041d2d65889690577e9325c7b5b2ca8cd603b7977ae4956cef8d95535bc8140aeb75067daf149654e0ccc6bb567befd895e4b4be770f984ed643d07a
SSDEEP

768:uHy8NasO99FklKW0rI8TOI6unWcyzERYx3uqU+3/O+6ntwvJOi4DW1nQLHlcN:I9OmKW0rIBTMozkYx3u2O78X4C1UcN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf303150e6f4847f600a4abe1a4b9986_JaffaCakes118

Files

cf303150e6f4847f600a4abe1a4b9986_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e1da37eec9067e8e9f1fbaa047e11d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetLastError
GetTempFileNameA
GetSystemDirectoryA
DeleteFileA
DeviceIoControl
CloseHandle
CreateFileA
WinExec

advapi32

OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService

msvcrt

_stricmp
fclose
fwrite
fopen
sprintf
strncpy
strrchr
_snprintf
_strlwr

shlwapi

SHSetValueA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 992B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ