103472e3805f4e40e43f42d5172fa378_JaffaCakes118

General

Target

103472e3805f4e40e43f42d5172fa378_JaffaCakes118
Size

27KB
MD5

103472e3805f4e40e43f42d5172fa378
SHA1

01d0018d3e0efa876e7240a1e2dd764664e3c245
SHA256

1a14ce85dd6337c4bd083ae0fdb2672fc562e78d72f4f91a89de60035808b627
SHA512

686f9dce3301cc43bb090dcaf6546eede7548c3d8e7f9709f50d697fef9e656ca738319b51bc62398d4bd99e34bf525c6b700c1823743dc491f339dee7913015
SSDEEP

384:lVXR6i7A6fLDGOVKBedG871eXZ83K34k46gPcsPJsAHQnXRNsB7l:7J7LPGOVETqeSa34iyJd8hU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
103472e3805f4e40e43f42d5172fa378_JaffaCakes118

Files

103472e3805f4e40e43f42d5172fa378_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c9227455609c22fb668abbe60370743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenFile
NtImpersonateThread
RtlUnwind
wcsstr
NtAllocateVirtualMemory
NtDeviceIoControlFile
RtlAllocateHeap
RtlFreeHeap
NtClose
NtCreateFile
RtlInitUnicodeString
wcsncpy
RtlQueueWorkItem

rtutils

TraceRegisterExA
TraceDumpExA
TraceDeregisterA
TracePutsExA
TracePrintfA
TraceDeregisterExA
TracePrintfExA

advapi32

QueryServiceStatus
SetServiceStatus
ControlService
OpenSCManagerA
RegisterServiceCtrlHandlerA
OpenServiceA
CloseServiceHandle
StartServiceA

kernel32

WaitForSingleObject
GetTickCount
Sleep
BindIoCompletionCallback
GlobalFree
EnterCriticalSection
GetQueuedCompletionStatus
CreateEventA
InterlockedIncrement
Beep
SetLastError
InitializeCriticalSection
SleepEx
PostQueuedCompletionStatus
SetEvent
DeleteCriticalSection
lstrcpyW
ResetEvent
lstrlenW
DeviceIoControl
LeaveCriticalSection
GlobalAlloc
InterlockedDecrement

ws2_32

WSARecvFrom

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c9227455609c22fb668abbe60370743

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

rtutils

advapi32

kernel32

ws2_32

Sections

.text Size: 3KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 24B

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 72KB

.text
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 24B

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 72KB