09a111a547fb4088a856eb9302d6cc6a_JaffaCakes118

General

Target

09a111a547fb4088a856eb9302d6cc6a_JaffaCakes118
Size

21KB
MD5

09a111a547fb4088a856eb9302d6cc6a
SHA1

ade5a00740b0735e3dc748b1e1171dfb50600730
SHA256

d8d784a3db192816029fc7ad8fb8149a3ada5942ed111a635a5b057e30e3d700
SHA512

882bfc8a65aa895bcc36cd621925b7d0df9c3302594c3220b33c892e59c7e53f8530cd0f097e81b2ef0055a5512ee8b86e263f7cc7669e1751b4c670689c4a3b
SSDEEP

384:zM/5kSs+P1ylxAfTpoUQtehxDtOBFL725CPwH7QGHG4:R+dQAbpd+eHtOBFL7or

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09a111a547fb4088a856eb9302d6cc6a_JaffaCakes118

Files

09a111a547fb4088a856eb9302d6cc6a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aab718717c1bc6818ce8eca95d233a00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetProcessHeap
GetStartupInfoA
GetTempFileNameA
GetTempPathA
GetThreadContext
GetTickCount
HeapAlloc
HeapFree
LoadResource
LockResource
MoveFileA
OpenEventA
OpenProcess
Process32First
Process32Next
ReadFile
GetModuleHandleA
SetEvent
SetFileAttributesA
SetThreadContext
SizeofResource
Sleep
VirtualAlloc
VirtualAllocEx
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA
GetModuleFileNameA
GetLastError
GetFileSize
GetCurrentThreadId
FindResourceA
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateProcessA
CreateFileA
CreateEventA
CreateDirectoryA
ResumeThread
CloseHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegCreateKeyA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
ControlService
CloseServiceHandle
AdjustTokenPrivileges
RegSetValueExA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aab718717c1bc6818ce8eca95d233a00

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 360B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 360B