f1c7d797292861048d7c5dd9e70c0a11_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f1c7d797292861048d7c5dd9e70c0a11_JaffaCakes118
Size

364KB
MD5

f1c7d797292861048d7c5dd9e70c0a11
SHA1

c51ffe5f764773492450939811d707062362ce62
SHA256

d43ca0f93a21f9f50362f2fdafff813aef3a87ccb9d50b79a7d765b263ea51c0
SHA512

c9d1e82f85db85a0c12045809ef9812e92c63492c56a308be5fee547c52f5c902b2e821def870f67aac39e0d990055d2266d7da187ccd64423cb592c874a9d74
SSDEEP

6144:8AdE6LMmdA3hwdI7fTz62Um3wYciAiKYoAUfQ4Z9OD+9Hk4vQOcu53NZeSOWVm:znWw27fnpv8bOMnRekm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1c7d797292861048d7c5dd9e70c0a11_JaffaCakes118

Files

f1c7d797292861048d7c5dd9e70c0a11_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8c1f8a5c96e9cb572733ff536450b7cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

StarWindServiceAE.pdb

Imports

advapi32

CloseServiceHandle
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CreateServiceA
OpenSCManagerA
QueryServiceStatus
StartServiceA
OpenServiceA
ControlService
SetServiceStatus
RegQueryValueExA
RegOpenKeyExA
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
DeleteService

kernel32

HeapAlloc
GetProcessHeap
HeapFree
FormatMessageA
CloseHandle
InterlockedExchange
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
TerminateThread
WaitForSingleObject
Sleep
GetThreadPriority
SetThreadPriority
GetCurrentThread
ExitProcess
CreateThread
DuplicateHandle
GetCurrentProcess
SetEvent
ResetEvent
ReleaseSemaphore
SetWaitableTimer
CancelWaitableTimer
InterlockedExchangeAdd
CreateEventA
CreateSemaphoreA
CreateWaitableTimerA
GetCurrentThreadId
GetLastError
WaitForMultipleObjects
WaitForSingleObjectEx
FreeLibrary
GetCurrentProcessId
CreateFileA
GetLocalTime
GetProcAddress
LoadLibraryA
GetModuleFileNameA
QueryPerformanceFrequency
QueryPerformanceCounter
DeviceIoControl
FindVolumeClose
FindNextVolumeA
FindFirstVolumeA
GetSystemInfo
FlushFileBuffers
GetStdHandle
GetModuleHandleA
GetVersionExA
SetUnhandledExceptionFilter
CreateProcessA
CreateMutexA
SetConsoleCtrlHandler
SetCurrentDirectoryA
SleepEx
GetTickCount
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualQuery
VirtualProtect
GetConsoleMode
GetConsoleCP
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
GetModuleHandleW
InitializeCriticalSection
HeapSize
HeapReAlloc
SetFilePointer
ReadFile
SystemTimeToFileTime
CreateDirectoryA
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
GetCommandLineA
RaiseException
RtlUnwind
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA

ws2_32

connect
recvfrom
sendto
WSAStartup
WSACleanup
select
setsockopt
WSASend
htonl
ntohl
socket
WSAGetLastError
inet_addr
htons
bind
listen
accept
ntohs
WSAIoctl
recv
send
shutdown
closesocket
gethostbyname
inet_ntoa
WSARecv
gethostbyaddr

user32

GetSystemMetrics
UnregisterDeviceNotification
RegisterDeviceNotificationA
BroadcastSystemMessageA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysStringLen
SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c1f8a5c96e9cb572733ff536450b7cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ws2_32

user32

ole32

oleaut32

Sections

.text Size: 336KB - Virtual size: 336KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 336KB - Virtual size: 336KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 19KB - Virtual size: 18KB