ebcd8658af1b28ae9ce7c9cc693b3ee1_JaffaCakes118

General

Target

ebcd8658af1b28ae9ce7c9cc693b3ee1_JaffaCakes118
Size

199KB
MD5

ebcd8658af1b28ae9ce7c9cc693b3ee1
SHA1

3a4b2f5c0ff03d0243bc9f2def25bfc991e5fdf2
SHA256

6801f1752199ed53b502eacd6635a3114cd922213962667684f83e7320eb18cd
SHA512

639b905ba9c024bb33e46b897efc6210f0296d19ffacad8b2fa18d5806708445eb472babb450e3ec13480879b2a0d45a9c0232134b49cfea9ccf80e964971602
SSDEEP

3072:oT0nH6V++TneBkBl+eHMIs59ISPSEd5Ag+V18Q38/A3nSjQ60w/Mfjxu/AOW:o4nEeOf+xIc9pP9mV1wY3SjVUxu/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebcd8658af1b28ae9ce7c9cc693b3ee1_JaffaCakes118

Files

ebcd8658af1b28ae9ce7c9cc693b3ee1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4543fe5b96c45f9864f6d764e752166c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcessHeap
GetSystemTimeAsFileTime
GetVersionExA
HeapDestroy
HeapFree
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
LocalAlloc
LocalFree
MultiByteToWideChar
UnhandledExceptionFilter

advapi32

ChangeServiceConfig2A
ControlService
CreateServiceA
EqualSid
FreeSid
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.rsrc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4543fe5b96c45f9864f6d764e752166c

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 177KB - Virtual size: 176KB

.data Size: 2KB - Virtual size: 148KB

.bss Size: 6KB - Virtual size: 6KB

.idata Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 732B

.text
Size: 177KB - Virtual size: 176KB

.data
Size: 2KB - Virtual size: 148KB

.bss
Size: 6KB - Virtual size: 6KB

.idata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 732B