26e4e34ae98b671493dbbe2e06249bbf_JaffaCakes118

General

Target

26e4e34ae98b671493dbbe2e06249bbf_JaffaCakes118
Size

113KB
MD5

26e4e34ae98b671493dbbe2e06249bbf
SHA1

1bb8fa03679b028ab388222c08648b52532ae1d1
SHA256

2a50a7a82d8c5cb35902a5cede4d67659f0ddbd400ac6dc9370b2eaf7b7f187d
SHA512

a21d58b2d6f1e0f5e27027b0ddba0a079d5796f7a43a6e45e131303b2c2e18b7b2c85b453fe08673e246b4511aa1614be9e3ab46d010f98886256c0c068d4fe0
SSDEEP

3072:o8B/lFbG1lOaLK/PWO3y+L5h8uNw/XKxLM7qA0z87:jNHbGzLK/e4RL/8sM6xw710z8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e4e34ae98b671493dbbe2e06249bbf_JaffaCakes118

Files

26e4e34ae98b671493dbbe2e06249bbf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6663eeb79a59f91f5a7852e0038a9ae0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
WaitForMultipleObjects
MultiByteToWideChar
GetCurrentProcess
IsBadReadPtr
WaitForSingleObject
GetTickCount
InterlockedExchangeAdd
GetCurrentProcessId
GetProcAddress
FreeLibrary
InterlockedCompareExchange
VirtualFree
Sleep
SetLastError
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
SleepEx
OutputDebugStringA
SetEvent
UnmapViewOfFile
HeapFree
HeapDestroy
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
SwitchToThread
ResetEvent
IsBadCodePtr
IsBadWritePtr
VirtualProtect
GlobalFree
GetCommandLineA
GetLastError
GlobalAlloc

advapi32

QueryServiceStatus
StartServiceA
OpenServiceA
OpenSCManagerA
RegEnumValueW
RegQueryInfoKeyA
RegNotifyChangeKeyValue
SetServiceStatus
RegSetValueExA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RevertToSelf

msvcr71

_except_handler3
wcslen
memmove
wcscpy
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
__dllonexit
_onexit

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6663eeb79a59f91f5a7852e0038a9ae0

Headers

File Characteristics

Imports

kernel32

advapi32

msvcr71

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 3KB