179bf4448c216fa41d3fba9398972182_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

179bf4448c216fa41d3fba9398972182_JaffaCakes118
Size

27KB
MD5

179bf4448c216fa41d3fba9398972182
SHA1

c3104f5694052f8a737b46faf3d4db77e08f74d0
SHA256

1a36106dbd5a90ff57da211c52dbdb70cc4a6fa86585e34029c7c8a15c7fae1f
SHA512

4fa072c63fd17b533b48036333e9a74a77a885112fa428db8b4a61e21eee1ea0e86a4b8ed12374963737b887819f7f597d8f643038357b87add1d9cabd9a033a
SSDEEP

384:tvBfbO+xcJEOkoQLsB6axV0PYPB4QzoVhI/d3/8uto9BaXWKQDUwOkta70Wd0mWt:vGJENLNOPNARm8BaXWK1caY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179bf4448c216fa41d3fba9398972182_JaffaCakes118

Files

179bf4448c216fa41d3fba9398972182_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b4f56662d57ea880af3d7add32bc4ac0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
Sleep
lstrcpyW
GetModuleFileNameW
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
UnmapViewOfFile
ReadProcessMemory
CreateThread
CreateFileMappingW
GetFileSize
CreateFileW
lstrcatW
GetSystemDirectoryW
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
OpenProcess
lstrlenW
CreateEventW
WaitForSingleObject
DeleteFileW
GetTempPathW
GetTickCount
MoveFileW
MoveFileExW
CloseHandle
TerminateThread
MapViewOfFile
ExitProcess

user32

wsprintfW

advapi32

LookupPrivilegeValueW
RegisterServiceCtrlHandlerW
RegOpenKeyW
RegQueryValueExW
SetServiceStatus
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shlwapi

SHDeleteKeyW
StrRChrW

Exports

Exports

Launch
ServiceMain

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ