fbf894d00408a9f98fec13835f346367_JaffaCakes118 | Triage

Sharing

General

Target

fbf894d00408a9f98fec13835f346367_JaffaCakes118
Size

15KB
MD5

fbf894d00408a9f98fec13835f346367
SHA1

c4dbe72eb3ffee7128be1463fe044efc0a2f4f2b
SHA256

482821aa14a46960e8f3aaff50aa73fc9d2f18f9b195746cf78440eb73dc5fba
SHA512

e0d9ce223c3929d7e7ce49f318dcc3a839f0c9a1fbb665a414782c4f3d7976cdf422fe8331004027840da97113a3247c3205b2492f77b80ab1cef0938aa77319
SSDEEP

384:2j3uP2UrhJtA1ocmhELUZSlU3Ow1nDVRQIocUYOm2V+:q3uP2Ud+OZQPwNoIiYOm2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbf894d00408a9f98fec13835f346367_JaffaCakes118

Files

fbf894d00408a9f98fec13835f346367_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a6580dec2117f2da26293dfdb22ffb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
LocalAlloc
ExitProcess
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
CopyFileA
WriteFile
ReadFile
GetTickCount
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetVersionExA
DeleteFileA
CloseHandle
CreateProcessA
GetModuleHandleA
GetProcAddress
CreateFileA
GetCurrentDirectoryA
CreateFileMappingA
GetCurrentProcess

user32

DestroyWindow
ScreenToClient
MessageBoxA
InvalidateRect
GetSysColor
GetClassLongA
DrawIcon
GetWindowTextA

advapi32

CreateServiceA
OpenProcessToken
GetTokenInformation
StartServiceA
QueryServiceStatusEx
OpenServiceA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DeleteService
ControlService
OpenSCManagerA
CloseServiceHandle

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE