40d3c1ccc560377b6d8ba0e5992904d0_JaffaCakes118 | Triage

Sharing

General

Target

40d3c1ccc560377b6d8ba0e5992904d0_JaffaCakes118
Size

26KB
MD5

40d3c1ccc560377b6d8ba0e5992904d0
SHA1

8b89ddce7b01b6f60f8acf23c55addea86957b8e
SHA256

f7ca382030b43b84d9d8cba7895fe755540b512d1470cb19ac3117366ba299a1
SHA512

891a4d32f667f00120da67461c872128eb0cfcd0db6ba13957e548ec6a02e96c523226db3ed2b6cd62420e77f1efba53097ba624834edfbb208a0ca954b9010f
SSDEEP

384:eqdYImOUgwXB+SKQvz0PEalWF18yZ8f7LEiUbhohFWN:exoU1R+SKQv+sFV8f7LEiUWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40d3c1ccc560377b6d8ba0e5992904d0_JaffaCakes118

Files

40d3c1ccc560377b6d8ba0e5992904d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11350545170af605a3b65fb0e8ad38b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
GetModuleFileNameA
LockResource
GetLastError
DeviceIoControl
MoveFileA
GetWindowsDirectoryA
DeleteFileA
FreeLibrary
CopyFileA
lstrcatW
GetWindowsDirectoryW
GetVersionExA
GlobalFree
LoadLibraryExA
GlobalAlloc
GetSystemDirectoryA
CreateFileA
SizeofResource
WriteFile
CloseHandle
Sleep
FreeResource

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegCreateKeyA
ControlService

shell32

ShellExecuteA

msvcrt

exit
fclose
fprintf
fopen

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ