0d4546f6d6445e224232538c2923d090_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d4546f6d6445e224232538c2923d090_JaffaCakes118
Size

133KB
MD5

0d4546f6d6445e224232538c2923d090
SHA1

3c038b3fbcc28b1efda38d407d259f44f42a6c3f
SHA256

519aaadc83bb0c03a9152721f49319609b17ef5027a7bc3087480338ed7f723a
SHA512

e593ffe93547c718f9ae371df220022ea47524c3689b23634c5cda9e913bdc685a715e68675bade659d86427d79ad36f5caa1c6f5e0d24e1d30f160149e21e24
SSDEEP

3072:0Om+1QXJjPTkdMxrNIBnBJo7dFEf02Acg4jHfxeo9AZ:0/Z3RrNQgF8IcxK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d4546f6d6445e224232538c2923d090_JaffaCakes118

Files

0d4546f6d6445e224232538c2923d090_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9967ffe4c5b18353697d421993d48923

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
WinExec
FindFirstFileA
WaitForSingleObject
CreateThread
GlobalFree
DeviceIoControl
GlobalAlloc
Sleep
DeleteFileA
GetModuleFileNameA
GetTempPathA
GetProcAddress
GetModuleHandleA
GetLastError
WriteFile
GetSystemDirectoryA
GetFileAttributesExA
CreateFileA
SetFileTime
CloseHandle
GetVersionExA
GetTickCount
GetTempFileNameA

advapi32

OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService

msvcrt

memset
strcpy
??3@YAXPAX@Z
_stricmp
strncpy
strlen
fclose
fwrite
fopen
sprintf
rand
srand
_strlwr
strncat
memcpy
_snprintf
__CxxFrameHandler
_EH_prolog
strrchr
strcat
memmove
strchr

shlwapi

SHSetValueA
SHGetValueA

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 16B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1008B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ