f0627dd6b7b767e7285ff3fc476026a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0627dd6b7b767e7285ff3fc476026a9_JaffaCakes118
Size

10KB
MD5

f0627dd6b7b767e7285ff3fc476026a9
SHA1

f63b05527f7b6521204e1596275f2eb32ff47cc9
SHA256

040ec53cd12f0c93441be2dbc1be27de6a5d327ed5b79978b003ff51f8a15c3d
SHA512

c3329e51c295f8333bb757ff57ce3d13aca05c5a92f33f316a2963b016b8be094bc0f43a51a995b5d815e0d6cfa7d08fadaa73d2c450586ae8167f41bc02519a
SSDEEP

192:WksocwCnBe7YE/XYypHLoJj5MGUdn4YeAQHQvwslTQv:WksocilNA5MGUn4YyHQ/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0627dd6b7b767e7285ff3fc476026a9_JaffaCakes118

Files

f0627dd6b7b767e7285ff3fc476026a9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1cc681cd43fd7a11770e28dbd59fffa6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_strcmpi

kernel32

GetWindowsDirectoryA
MoveFileA
GetLastError
TerminateProcess
OpenProcess
DeleteFileA
SetLastError
lstrcpyA
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentProcess
CloseHandle
lstrcatA
lstrlenA
GetPrivateProfileStringA

user32

wsprintfA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegSaveKeyA
RegRestoreKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Exports

Exports

z
zs
zss
zssh
zsshu
zsshua
zsshuai

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ