27103804d477f149e07f5a430154e42b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27103804d477f149e07f5a430154e42b_JaffaCakes118
Size

17KB
MD5

27103804d477f149e07f5a430154e42b
SHA1

d8e9938a8b3d555f658fd66016777349966ba12e
SHA256

24c7949dd64ae6c1af39d51f99f9b551f793879b49a1081a5f5ab7abac554e3a
SHA512

ce6299c737c145ecc53397c0e5dc2e7dbbf3671126acd9ee826f176c35f9d2f5defa070dc20fd99eda24fbd08151f67a471f2130934984b90c5e2550f984ee89
SSDEEP

384:kNNHl4Pux71VWv9YpZZI7+/UIIVBjLWWsWA:kvHlBWv9uopt2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27103804d477f149e07f5a430154e42b_JaffaCakes118

Files

27103804d477f149e07f5a430154e42b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5066091306768048e535f2fee8b94f50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
WriteFile
WideCharToMultiByte
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
ReadFile
Process32NextW
GetVolumeInformationW
GetDriveTypeW
FindNextFileW
lstrcmpW
FindFirstFileW
lstrcatW
lstrcpyW
SetFilePointer
CreateFileW
MoveFileExW
GetModuleFileNameW
GetACP
MultiByteToWideChar
GetVersionExW
GetLastError
WaitForSingleObject
FreeConsole
CreateThread
CloseHandle
GetOEMCP
Sleep

user32

wsprintfW
PeekMessageW
GetMessageW
PostThreadMessageW

advapi32

GetUserNameW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegDeleteKeyW
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
IsTextUnicode

shell32

ShellExecuteW

ws2_32

WSACleanup
WSAStartup
socket
htons
connect
WSAGetLastError
gethostname
inet_ntoa
send
recv
gethostbyname
closesocket

msvcrt

strstr
swprintf
wcscat
_itoa
wcslen
??3@YAXPAX@Z
strncmp
??2@YAPAXI@Z
wcscpy
wprintf
printf
wcsncpy

Exports

Exports

ServiceMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5066091306768048e535f2fee8b94f50

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B