d477dab57fd201309fa39640946dbf28_JaffaCakes118 | Triage

Sharing

General

Target

d477dab57fd201309fa39640946dbf28_JaffaCakes118
Size

44KB
MD5

d477dab57fd201309fa39640946dbf28
SHA1

944119d2c6f487e6dff2908f31613b6b64154083
SHA256

6c4f696eba3c35710efcae861ec8205d79443460e3469d12e66f19b13a7eb3b4
SHA512

5e685102b3427b39ce7a48568923396cdfa8d646674a1312a2e092afd9961644271cb4f4485c01b3781ecc7714cefcd59205ab2f945ce28b03029f0e9872d312
SSDEEP

768:bvOGtM4UUGG3lpcN3sXugA2cZHtCnWgCcRkfctE7yE0XdPc5tsNIbOId5lhye9Ht:bvO74UUGWpcZkuB9Z8nWgCcmctwyXdPg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d477dab57fd201309fa39640946dbf28_JaffaCakes118

Files

d477dab57fd201309fa39640946dbf28_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ba474b317a922ff5f00f71a547f99b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
DeleteFileA
DeviceIoControl
CloseHandle
CreateFileA
WinExec

advapi32

DeleteService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA

msvcrt

_snprintf
fclose
fwrite
fopen
sprintf
strncpy
strrchr
_stricmp
_strlwr

shlwapi

SHDeleteValueA
SHSetValueA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 992B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ