37898ed0a4677cff10f7701a01965c60_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37898ed0a4677cff10f7701a01965c60_JaffaCakes118
Size

49KB
MD5

37898ed0a4677cff10f7701a01965c60
SHA1

b061b3c64b0a4587d06bcfc5f6a280bb26dcbd60
SHA256

e072eb9570e0cfb3a17c1e62f400c2b53e6619192fc64da9f5fc285f969a0d3e
SHA512

0f013754008020f30259d7611e04370493601d9cf94a38aff9a6a2b5a4b51db8be99fada6f91bcd006c607ef60760109c4b6a3935879110870a8841381e7481d
SSDEEP

1536:D9wIOGFnToIfhmEW0kwFLTIyP1SdIEs5KY:JmGtTBfxL5P1SSEs5KY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37898ed0a4677cff10f7701a01965c60_JaffaCakes118

Files

37898ed0a4677cff10f7701a01965c60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

059e22b42d495b050baae2a5c1555006

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
WriteFile
SetCurrentDirectoryA
GetWindowsDirectoryA
ReadFile
DeleteFileA
LocalAlloc
LocalFree
ExitProcess
GetModuleFileNameA
GetShortPathNameA
lstrcpyA
GetFileAttributesA
lstrlenA
CreateFileA
SetFileTime
CloseHandle
lstrcatA
SetFilePointer

user32

IsCharAlphaNumericA

advapi32

CloseServiceHandle
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteA

msvcp60

??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

msvcrt

malloc
strcpy
memset
strncmp
free
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
memcpy

Sections

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE