56cdf0b7bf7bd046d6307a693d835c2c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56cdf0b7bf7bd046d6307a693d835c2c_JaffaCakes118
Size

27KB
MD5

56cdf0b7bf7bd046d6307a693d835c2c
SHA1

6c8b835a57d76f915810199b7964b8033c13c6c2
SHA256

dccbb2d007bcfe2a62bffbd2fb681892e272f33be9caf796673750f5220e2f94
SHA512

97fbee01d89821c74ebfcc63b1bd05e3efccef62af5f2afa64891abb92fde5ac955ecd6c389cc250d91578bd0a17d94bc387c01a0466f7a900fcd2615160077b
SSDEEP

768:hkeOYQsmzIToVuCEzTKEapy4qPgs+UB1IfXXSy/d/:hkRihCESEapy4AX+O1KXi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56cdf0b7bf7bd046d6307a693d835c2c_JaffaCakes118

Files

56cdf0b7bf7bd046d6307a693d835c2c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1c854b46681e4aed2e0884ab2414ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ExitProcess
SetFileAttributesA
GetVolumeInformationA
GetStartupInfoA
GetModuleHandleA
CloseHandle
GetModuleFileNameA
GetSystemDirectoryA
_lcreat
_lwrite
_lclose
WinExec
CreateFileA
OpenProcess
DuplicateHandle
GetCurrentProcess

user32

SetTimer
GetMessageA
TranslateMessage
KillTimer
DispatchMessageA

advapi32

CreateServiceA
OpenServiceA
ControlService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
DeleteService
OpenSCManagerA

msvcrt

__p__commode
_controlfp
sprintf
fclose
fwrite
fread
fopen
??2@YAPAXI@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_strupr
__p__fmode
__set_app_type
_except_handler3

shlwapi

PathFileExistsA

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA

iphlpapi

GetAdaptersInfo

Sections

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE