0874b2e7fd916e7c652af910dc405b7f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0874b2e7fd916e7c652af910dc405b7f_JaffaCakes118
Size

11KB
MD5

0874b2e7fd916e7c652af910dc405b7f
SHA1

af8157bef415353fdd3b4f30226b252ff51cd67c
SHA256

e619daeef4287974131b4abe90dd1ac0d4487dbbd16e16027fb326ef44ebbe84
SHA512

a70fdc1897876a80c9e5e78b5f67ca6c1158a9d29039dbabf6f6109f0a90069f3cfbe65522d2889488ff888609ab6be2d5a10a1f08f72b9804ee1ee07029a74c
SSDEEP

192:tLsE405hgqRIeyEArd3jMZoprLzc1zNI3KJx5tRC0ZL6T1oynLGY:6qRIeyECO0LzkzNI692T1dG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0874b2e7fd916e7c652af910dc405b7f_JaffaCakes118

Files

0874b2e7fd916e7c652af910dc405b7f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

edcbb038297530d9c9ad9d071cddb316

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

mfc42

ord926
ord800
ord561
ord815
ord5651
ord3127
ord3616
ord3663
ord665
ord2764
ord1979
ord5442
ord5186
ord860
ord350
ord825
ord354
ord941
ord6648
ord2614
ord6383
ord5440
ord6394
ord5450
ord823
ord537
ord858
ord939
ord2915
ord2818
ord540

msvcrt

memset
_mbscmp
__CxxFrameHandler
memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__dllonexit
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__setusermatherr

kernel32

GetStartupInfoA
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentProcess
OpenProcess
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
CreateMutexA
GetLastError

user32

FindWindowA
GetWindowThreadProcessId
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceCtrlDispatcherA
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA

ws2_32

closesocket
send
connect
htons
socket
gethostbyname
WSAStartup

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ