083a00646e99ea1627c6d7f653a27b81_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

083a00646e99ea1627c6d7f653a27b81_JaffaCakes118
Size

64KB
MD5

083a00646e99ea1627c6d7f653a27b81
SHA1

d6d138d4e4512c37036cb722c5982a9e2a4f678a
SHA256

977e64d253c706a698703ff70c3a31c23799594be2f760eb4d8ecdffb34c7fca
SHA512

3aef1e381c14a985f822d9c955fc470bd0a04dca3f05af576cd20b2df262e2964539fec85f9ce04ceeb74088a61972dc38398b6db984708d8368794682ae1f24
SSDEEP

768:uRajz9aF1ZUPT6axL0uGwVBc/OHLqV1IpIn2vOj9A9JsejLLT+x0cb:88z0CPTr50bwVBc/aFI2AQsej/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
083a00646e99ea1627c6d7f653a27b81_JaffaCakes118

Files

083a00646e99ea1627c6d7f653a27b81_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ee63b6680e6500559320500838d92ab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
WinExec
GetLastError
CloseHandle
WriteFile
CreateFileA
FreeConsole
Process32Next
TerminateProcess
lstrcmpiA
OpenProcess
GetSystemDirectoryA
CreateToolhelp32Snapshot
WaitForSingleObject
CreateProcessA
GetModuleHandleA
HeapFree
HeapAlloc
GetCurrentProcess
GetTempFileNameA
GetWindowsDirectoryA
lstrcatA
lstrcpyA
DeleteFileA
GetTempPathA
GetTickCount
Process32First
MoveFileExA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
GetStringTypeA

user32

wsprintfA

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache

netapi32

Netbios

psapi

GetModuleFileNameExA
EnumProcessModules

ntdll

RtlUnwind

Exports

Exports

ServiceMain
hello

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee63b6680e6500559320500838d92ab2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

netapi32

psapi

ntdll

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 28KB - Virtual size: 41KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 28KB - Virtual size: 41KB

.reloc
Size: 4KB - Virtual size: 3KB