56886409d017f5e7c382cd60f0f26331_JaffaCakes118 | Triage

Sharing

General

Target

56886409d017f5e7c382cd60f0f26331_JaffaCakes118
Size

5KB
MD5

56886409d017f5e7c382cd60f0f26331
SHA1

68321b62555fa9c3c99b036e93c09c3cb82dd0a5
SHA256

e170232e4b21ede34828ca102025aaeba0f770081dd9dae8a00051f23aeed411
SHA512

38114930ece8e655b174e570da1254edcc17f5446cfaae38fbab84b95a8055c431b268ec6b7cf9449e4b061c510ac193779145dde16aa01d2a35696943fc1244
SSDEEP

96:oANojXIZxyfWfCQETYStrL0h4fiwr7ONrt5TohSEg9sLYI:MjIWfW6QETY2YCfv78B2hq4YI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56886409d017f5e7c382cd60f0f26331_JaffaCakes118

Files

56886409d017f5e7c382cd60f0f26331_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e8f45cb315ef09ef477fb8a2a7497ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_endthread
exit
strncmp
srand
rand
_beginthread
_snprintf

kernel32

GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
CopyFileA
MoveFileExA
GetEnvironmentVariableA
GetShortPathNameA
GetLastError
LocalAlloc
SetFileAttributesA
GetTickCount
Sleep
SetErrorMode
GetCurrentProcess

advapi32

ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
QueryServiceConfigA
ChangeServiceConfigA
SetServiceStatus
OpenSCManagerA
CloseServiceHandle
CreateServiceA
OpenServiceA
StartServiceA
StartServiceCtrlDispatcherA

ws2_32

socket
htons
connect
send
bind
select
WSAGetLastError
ioctlsocket
listen
accept
WSACleanup
closesocket
recv
WSAStartup

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

shell32

ShellExecuteExA

Sections

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE