3870194e88e5cd9f43c408dc623280b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3870194e88e5cd9f43c408dc623280b9_JaffaCakes118
Size

45KB
MD5

3870194e88e5cd9f43c408dc623280b9
SHA1

718dc5d20c9168fc879a63efb83455a052dc6ab1
SHA256

06d36d2d9e2905676b42e1cb35b8c54ec28966d88bbb73e0d22aba056083ed28
SHA512

56616bc743e6c76d8167d736808fd192fc31eb9c58331b5394aa4d43b319a31c5063fba35a179c84730dee86b127f2a55ca878b9ea3094843cb5cb7e7decadce
SSDEEP

768:geHDsbEcWBxdjL4dJ2JtqQaI2t57+Rd1T49EjCqAGD6OCZfx:tTdsIbVxpCFx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3870194e88e5cd9f43c408dc623280b9_JaffaCakes118

Files

3870194e88e5cd9f43c408dc623280b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99173818de0a6bb77ef94c71521806e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
CreateFileA
lstrcatA
GetTickCount
GetTempPathA
GetCurrentProcessId
LockResource
SizeofResource
LoadResource
GetModuleHandleA
FindResourceA
GetCurrentDirectoryA
GetSystemDirectoryA
lstrcatW
GetSystemDirectoryW
GetCurrentThreadId
Process32Next
lstrcmpiA
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
wsprintfA
PostThreadMessageA
GetInputState

advapi32

ControlService
OpenSCManagerA
OpenServiceA

shell32

ShellExecuteA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ