d63f220e1699af8f714d4f69a10330c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d63f220e1699af8f714d4f69a10330c7_JaffaCakes118
Size

9KB
MD5

d63f220e1699af8f714d4f69a10330c7
SHA1

3e0736df8fc37b88ec6a266ca8e6e82022f663ff
SHA256

614e155cf0c0365e6883951e80e75e6fa081afd68c98b68167cb602ffc4b2269
SHA512

e42e3d1bb7e9bc2fbb3da93ab3c4a00b4f519c857342115f7b32c1a2e464834b33ff6759c78207924fd6c15319692b6dedf4f218637ed91d5345b57f117bc96b
SSDEEP

96:YRO4wjR1ClyiW2xucnA1YCFABbjoTCIaWWbnfNEP0Q0kk/uqr03rhtstZKmAQfr:UOp3+pxhnKYk+oTUxnVEx0kk61itsS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d63f220e1699af8f714d4f69a10330c7_JaffaCakes118

Files

d63f220e1699af8f714d4f69a10330c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0492908d9cd8d65114dac78ae905c862

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

GetModuleHandleA
GetShortPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
ReadFile
SetFileAttributesA
GetModuleFileNameA
VirtualAlloc
VirtualFree
GetLastError
WinExec
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
GetFileSize
GetEnvironmentVariableA
GetCommandLineA
ExitProcess
CreateFileA
CopyFileA
CloseHandle
Sleep
VirtualProtect

advapi32

StartServiceA
RegCloseKey
QueryServiceStatus
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
ChangeServiceConfigA
RegSetValueExA
RegOpenKeyExA

winspool.drv

DeletePrintProvidorW
AddPrintProvidorW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ