294813402018801df60453a588211f28_JaffaCakes118

General

Target

294813402018801df60453a588211f28_JaffaCakes118
Size

31KB
MD5

294813402018801df60453a588211f28
SHA1

9abbe367285b4372c0301d4f1f5c0be434c31ecc
SHA256

c665bb88ff592edf2defcd9bc55ffc2a0417cf092de86e1e6c5eba80e6880367
SHA512

3d742392f062f0859b087964e0371f5f80d61d58d5e24080329442aeae6b359420f482b27698a50bd656dadde5e35709f30ac3b2d4148860412fb622f94a9da2
SSDEEP

384:AwqFWA+IxOhECVSk2UWhRYIuynyRXepIhO9mKa6paQx/2bn9tE4ltChPDc40nD2R:Aw+lOdczO0R9EaNxq7MP8D2Im

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
294813402018801df60453a588211f28_JaffaCakes118

Files

294813402018801df60453a588211f28_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e014c4e9dbcb383a96665a7589414534

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
MoveFileExW
MoveFileW
GetTickCount
GetTempPathW
DeleteFileW
CreateEventW
CreateThread
VirtualAlloc
Sleep
OutputDebugStringW
SetEvent
GetFileAttributesW
ExitProcess
GetVersionExW
lstrcpyW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
lstrcatW
GetSystemDirectoryW
FreeLibrary
VirtualProtectEx
VirtualQueryEx
CreateProcessW
GetModuleFileNameW
lstrlenW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
OpenProcess
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetExitCodeProcess
CloseHandle

user32

wsprintfW

advapi32

OpenSCManagerW
QueryServiceStatus
ControlService
CloseServiceHandle
RegOpenKeyW
RegQueryValueExW
SetServiceStatus
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
OpenServiceW

userenv

CreateEnvironmentBlock

shlwapi

StrStrIW
StrRChrW

psapi

GetModuleFileNameExW

Exports

Exports

Launch
ServiceMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e014c4e9dbcb383a96665a7589414534

Headers

File Characteristics

Imports

kernel32

user32

advapi32

userenv

shlwapi

psapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 578B

.text
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 578B