41847b35ff49d0138dac769688d92b1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41847b35ff49d0138dac769688d92b1e_JaffaCakes118
Size

248KB
MD5

41847b35ff49d0138dac769688d92b1e
SHA1

9d8db800b797549838e4ec6ec5514ffe73f6f0b0
SHA256

6c1195c8f1a6f1f2f03cab29c4a628ee200af8f8c53bdecb1caabf9edbfc74d7
SHA512

b21f904fc1b4f015d8b2b8ffcbf10feaf56f56f2acfbea58ba95280ca4f8a6d7d3897d19e2d6a965466f4ebbcf1fbe6f6c05acf28649edec7af7fd16bfb9ada3
SSDEEP

3072:dm8sNheefJbZnSPy8SJB+KXljy4NNF7fecdjYFzSmCDlluk6ZAnEiir0GnxNQ3sM:d5s/2SblW47KWmCBluk6ZAEiU0GnxK7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41847b35ff49d0138dac769688d92b1e_JaffaCakes118

Files

41847b35ff49d0138dac769688d92b1e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a9dadb8b35c691e86bd93549046c2c4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\prj\mok_20120302\release\sbcvv8wjnk.pdb

Imports

wininet

HttpOpenRequestA
InternetSetFilePointer
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetOpenUrlA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
HttpQueryInfoA

kernel32

GetStringTypeW
LCMapStringW
GetLastError
GetProcAddress
CompareStringA
InterlockedExchange
LoadLibraryA
FreeLibrary
CompareStringW
GetLocaleInfoA
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemDirectoryA
CreateProcessA
CloseHandle
lstrlenA
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
LoadLibraryW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
SetEnvironmentVariableA
FlushFileBuffers
GetThreadLocale
GetVersionExA
VirtualAlloc
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeA
ReadFile
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
FreeEnvironmentStringsA
GetModuleHandleA
GetSystemTimeAsFileTime
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetFileType
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetHandleCount
GetStartupInfoA
SetStdHandle
SetEndOfFile

user32

UnregisterClassA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
RegSetValueExA

Exports

Exports

ServiceMain
_HandlerEx@16

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9dadb8b35c691e86bd93549046c2c4c

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 18KB