04ba739546e1645f105302367e2a11af_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04ba739546e1645f105302367e2a11af_JaffaCakes118
Size

33KB
MD5

04ba739546e1645f105302367e2a11af
SHA1

03d1b0a776b6f79f96aafb57699b0b03bf40fa01
SHA256

3a0190277bb3a3b343ba54d53d01d176903d8a6e547fa979bba41556597183ff
SHA512

044cb54a9e60fb5606238e28b41243609ad293b0fd104a8e5cb9312390b534cd4e4ffb64d3932cebed118499ff58890af329e28d4e1db6bbb8b27dba0b7e1af1
SSDEEP

384:L5wHuAT0prGNWSlw9Xr2RNZ2xe1PuE04YA+xUKFI8eGV90vyUyZX6:Ln1GN69XrquxrE0tzbJZg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ba739546e1645f105302367e2a11af_JaffaCakes118

Files

04ba739546e1645f105302367e2a11af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

eb28b9662c6f27891b48f30862590f8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
SetServiceStatus
RegCreateKeyExA
RegisterServiceCtrlHandlerA
RegCloseKey

shlwapi

StrChrA
wnsprintfA
StrStrIA

kernel32

HeapAlloc
HeapFree
CloseHandle
GetLastError
OpenProcess
SetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
InterlockedExchange
GetEnvironmentVariableA
WideCharToMultiByte
lstrlenW
InterlockedCompareExchange
CreateRemoteThread
ReadProcessMemory
WriteProcessMemory
Sleep
VirtualAllocEx
lstrcpynA
GetCommandLineA
CreateProcessA
lstrcatA
lstrcpyA
HeapCreate

user32

TranslateMessage
PeekMessageA
CreateWindowExA
RegisterClassExA
DispatchMessageA
DefWindowProcA

psapi

GetProcessImageFileNameA

Exports

Exports

EntryPoint
ServiceMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ