f803f6b7454c5aa4e1b157e7fbf5d3a6_JaffaCakes118

General

Target

f803f6b7454c5aa4e1b157e7fbf5d3a6_JaffaCakes118
Size

155KB
MD5

f803f6b7454c5aa4e1b157e7fbf5d3a6
SHA1

8d1f7a6b2979b7c893b873d86c1bb6468dfc87ab
SHA256

2a41a22b7a28b080e6aa0f4f4fd786f599506d1fc92fd039bbca470f18f42344
SHA512

bf3ae2364599f24b650ec85f8b63c9d3e43c98649eef8e7a28b442bda18aa4ba3abe21df08be9184e123de468dd51fa32a055715ed5b7789c84b132b679d93a9
SSDEEP

3072:VeKe0RwngH6LrxwMvwYSu44JqTFEYUJHBlUf7Ty2UzyBJn2qfF/gS:omsgav6MLx9OmjH+Xnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f803f6b7454c5aa4e1b157e7fbf5d3a6_JaffaCakes118

Files

f803f6b7454c5aa4e1b157e7fbf5d3a6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff97da682ce5745528108836ae182b49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceStatus
OpenServiceA
ControlService
CloseServiceHandle
StartServiceA

rtutils

TraceRegisterExA
TracePutsExA
TraceDeregisterA
TraceDeregisterExA
TracePrintfExA
TracePrintfA
TraceDumpExA

ws2_32

WSARecvFrom

ntdll

RtlNtStatusToDosError
NtOpenFile
NtImpersonateThread
NtClose
NtDeviceIoControlFile
RtlAllocateHeap
NtWaitForSingleObject
RtlUnwind
RtlFreeHeap
NtCreateFile
wcsstr
NtAllocateVirtualMemory
wcsncpy

kernel32

GetOverlappedResult
InitializeCriticalSection
DeviceIoControl
GetCurrentProcess
DeleteCriticalSection
SetLastError
CreateEventA
ResetEvent
EnterCriticalSection
BindIoCompletionCallback
InterlockedIncrement
SetEvent
GetLastError
GetConsoleCP
InterlockedDecrement
lstrcpyW
GetQueuedCompletionStatus
Beep
SleepEx
Sleep
GetConsoleOutputCP
WaitForSingleObject
GlobalAlloc

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff97da682ce5745528108836ae182b49

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

rtutils

ws2_32

ntdll

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 1KB - Virtual size: 360KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 1KB - Virtual size: 360KB