4854c043b3ecc9bd40b677b313030de4_JaffaCakes118

General

Target

4854c043b3ecc9bd40b677b313030de4_JaffaCakes118
Size

75KB
MD5

4854c043b3ecc9bd40b677b313030de4
SHA1

51eefbf0719ab943c25f3d98ef51d9a87e9bf14b
SHA256

b42ca833213efc79e11a77b053f498823a0349bed89d37e360dee716669e0bde
SHA512

11e1184e0d213c26126f0c9843adb190ed889e4f99f3c92580fde122e35c7556133a7447773542a549868287931af6b0865542c54b79919698d0dbe06faa1a92
SSDEEP

768:OH+VAdm1zgDtECeNvt2yuEGOqdN9gAePR8XH:6s6tz+t3uNtT/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4854c043b3ecc9bd40b677b313030de4_JaffaCakes118

Files

4854c043b3ecc9bd40b677b313030de4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

28a3d5fdab3530a1873fe8abafadd441

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
FindResourceA
WriteFile
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
ReleaseMutex
GetLastError
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
lstrcmpiA
FindClose
FindNextFileA
lstrcpyA
LoadResource
lstrcatA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcess
GetCurrentProcessId
CreateFileA
DeleteFileA
MoveFileExA
CopyFileA
GetModuleFileNameA
CreateMutexA
GetModuleHandleA
CloseHandle
FindFirstFileA
Sleep

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA

msvcrt

strstr
free
_beginthreadex
??2@YAPAXI@Z
memset
strncat

Exports

Exports

CoGetComCatalog
GetName
GetRPCSSInfo
ServiceMain
WhichService
_GetName@16

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a3d5fdab3530a1873fe8abafadd441

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 66KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 65KB - Virtual size: 64KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 66KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 1KB - Virtual size: 1KB