196fed61af44b9fcb872a0c39de5c852_JaffaCakes118

General

Target

196fed61af44b9fcb872a0c39de5c852_JaffaCakes118
Size

446KB
MD5

196fed61af44b9fcb872a0c39de5c852
SHA1

ec31778efc9d8ae2dc18a5fa74f07a9a845c3bc7
SHA256

88458218deb0e127203d70165fcfb4d9d51796515e1987ec5fbcfde89b21a14a
SHA512

dbfd9dc764eea7c7b94d84123268f208647216af781f27b37e21cf802b30fca91c84d9aaef4814ce0a17f04c6db36e21e66f32bae11813d1d66a67ec069b5b2a
SSDEEP

6144:icq/LxSnnh7LnbEfLRSD+yLaUrp4+IOgsahhJ1CJTSIkgm/xfnjdsukWNCw5pEq1:in2FD4E1p4+7chil2gmJfnjm5K4nW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
196fed61af44b9fcb872a0c39de5c852_JaffaCakes118

Files

196fed61af44b9fcb872a0c39de5c852_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f49a1f43fd8e248ef01f5ea2e41bfebb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
QueryServiceStatus
OpenSCManagerA
StartServiceA
ControlService

kernel32

GlobalFree
SetEvent
PostQueuedCompletionStatus
InterlockedIncrement
GetOverlappedResult
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
WaitForSingleObject
InitializeCriticalSection
BindIoCompletionCallback
Beep
GetLastError
DeviceIoControl
ResetEvent
LeaveCriticalSection
CreateEventA
Sleep
GlobalAlloc
lstrcpyW
InterlockedDecrement
SleepEx
EnterCriticalSection
DeleteCriticalSection

ntdll

wcsncpy
NtClose
RtlNtStatusToDosError
NtCreateSemaphore
NtAllocateVirtualMemory
RtlUnwind
RtlQueueWorkItem
RtlAllocateHeap
RtlInitUnicodeString
RtlFreeHeap
NtDeviceIoControlFile
NtWaitForSingleObject
NtOpenFile

rtutils

TraceRegisterExA
TracePutsExA
TracePrintfExA
TraceDeregisterA
TracePrintfA
TraceDeregisterExA
TraceDumpExA

ws2_32

WSARecvFrom

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f49a1f43fd8e248ef01f5ea2e41bfebb

Headers

File Characteristics

Imports

advapi32

kernel32

ntdll

rtutils

ws2_32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 22KB - Virtual size: 920KB

.rdata Size: 240KB - Virtual size: 240KB

.rsrc Size: 175KB - Virtual size: 175KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 22KB - Virtual size: 920KB

.rdata
Size: 240KB - Virtual size: 240KB

.rsrc
Size: 175KB - Virtual size: 175KB

.reloc
Size: 512B - Virtual size: 28B