1b4056ca064f96e5c0c16cc592ca7b58_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b4056ca064f96e5c0c16cc592ca7b58_JaffaCakes118
Size

88KB
MD5

1b4056ca064f96e5c0c16cc592ca7b58
SHA1

fcf0bb90a7bd1875fef65f79ed98d2379861464b
SHA256

30a8938e692ffcaaa609424e6be7150bde480276f08c05bbd5da91c71d00328c
SHA512

eb7531c9cdbbea3bc3d057f8ebe92e23eba477aecaf585da5236e09179e9b0d69f192e2abac33ae5d443d2ef5a4b9c6966d9b7d560bbec3252165420d654e63b
SSDEEP

768:bYIlfmlzy/7VztNVg4Nat2ncTxEW+PQjPFyHK2lVJkVTo6M:UIJ0adpnncTxEnQ0KoJEo6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b4056ca064f96e5c0c16cc592ca7b58_JaffaCakes118

Files

1b4056ca064f96e5c0c16cc592ca7b58_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aa6ddbe508d988d0579f1a02765e3254

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
StartServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA

kernel32

GetModuleFileNameA
CreateProcessA
WritePrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
lstrcatA
GetWindowsDirectoryA
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
Sleep
CopyFileA
MoveFileExA
OutputDebugStringA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetLastError
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
CreateDirectoryA

user32

wsprintfA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

inet_addr
send
recv
htons
socket
gethostbyname
connect
inet_ntoa
WSACleanup
WSAStartup
closesocket

netapi32

Netbios

Exports

Exports

ServiceMain
_UpdateProc@16

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa6ddbe508d988d0579f1a02765e3254

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

ws2_32

netapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 864B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 8KB - Virtual size: 4KB