327b0227ee1bdbbbd808b6e23bd3d7b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

327b0227ee1bdbbbd808b6e23bd3d7b2_JaffaCakes118
Size

48KB
MD5

327b0227ee1bdbbbd808b6e23bd3d7b2
SHA1

a9a19e13627b7af174eada5e016d79591d216b65
SHA256

d40c8457854f8f07943adf09fe5eaa47ce6d941331a457779ce82cea3089caf7
SHA512

f440cec5a659c50c9fa4e16e656d52a03e10aac36fed6ce18035b938e96b74f3db5411ef1c741b11075890501b369d60367983d08d3e2b87844afd133e02957e
SSDEEP

1536:zFFZvuEalWz3nBpTnN5YBoQFyW0tx3lbDBP7:zFFZvuEaacBt0tx3lb17

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
327b0227ee1bdbbbd808b6e23bd3d7b2_JaffaCakes118

Files

327b0227ee1bdbbbd808b6e23bd3d7b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

81dbe69d81416d7123565dc3d8201ff3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
GetProcAddress
GetModuleHandleA
CreateProcessA
GetStartupInfoA
DeleteFileA
InterlockedDecrement
InterlockedIncrement
GlobalMemoryStatus
GetVersionExA
TerminateProcess
WriteFile
ReadFile
PeekNamedPipe
Sleep
CloseHandle
GetWindowsDirectoryA
FindFirstFileA
CreateFileA
GetTickCount
CreateThread
GetModuleFileNameA
GetCurrentProcess
CompareStringW
CompareStringA
lstrlenA
lstrcmpA
FindNextFileA
FindClose
GetDriveTypeA
lstrcpyA
GetDiskFreeSpaceExA
GetStringTypeW
GetStringTypeA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCPInfo
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetEnvironmentVariableA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

advapi32

RegSetValueExA
RegCloseKey
RegisterServiceCtrlHandlerW
SetServiceStatus
GetUserNameA
GetUserNameW
RegOpenKeyExA

shell32

ShellExecuteA

ws2_32

setsockopt
shutdown
closesocket
socket
gethostname
inet_ntoa
recv
send
gethostbyname
htons
connect
WSACleanup
WSAStartup
WSAIoctl

shlwapi

PathFindFileNameA
PathIsDirectoryA
PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashA

netapi32

NetUserGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

Exports

Exports

AlterService
ServiceMain
installA
uninstallA

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81dbe69d81416d7123565dc3d8201ff3

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

shlwapi

netapi32

iphlpapi

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB