2539fbe37d0df15ca526c2aa093012d9_JaffaCakes118

General

Target

2539fbe37d0df15ca526c2aa093012d9_JaffaCakes118
Size

60KB
MD5

2539fbe37d0df15ca526c2aa093012d9
SHA1

a9ef38eee509baa74d730cba2462bf8ca16c4190
SHA256

dd7ce5be7b5cf7ab16a428b22b1348891f51e9fe754881138b32aeab994e3ac3
SHA512

983ceda742d917a804d543be75ea4678272b247c5bec9e0df1d9452a77864e738b34aa0943bc524095abbd185caf0198640afc52477e3f9633a2d5cfc8fa39eb
SSDEEP

768:0N3S3OZwzUDNzn6S97asBVVDhz5IttZW8yXwBGdZKf:01aOZnx6S97asBVphQt48yZvK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2539fbe37d0df15ca526c2aa093012d9_JaffaCakes118

Files

2539fbe37d0df15ca526c2aa093012d9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d5e6528a75a83bbace28f20501059bd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
ReleaseMutex
GetLastError
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
lstrcmpiA
FindClose
FindNextFileA
lstrcpyA
FindFirstFileA
SizeofResource
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
GetModuleHandleA
LoadResource
CreateFileA
WriteFile
DeleteFileA
MoveFileExA
CopyFileA
GetModuleFileNameA
CreateMutexA
CloseHandle
lstrcatA
Sleep

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shlwapi

StrStrIA
PathFileExistsA

msvcrt

strstr
strncat
memset
??2@YAPAXI@Z
memcpy
_beginthreadex
??3@YAXPAX@Z

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
Ins
ServiceMain
WhichService
_Ins@16

Sections

.bss
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5e6528a75a83bbace28f20501059bd2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.bss Size: - Virtual size: 66KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 52KB

.reloc Size: 1024B - Virtual size: 972B

.bss
Size: - Virtual size: 66KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 1024B - Virtual size: 972B