5a9759f8b5d3db57dd06e846eb439687_JaffaCakes118

General

Target

5a9759f8b5d3db57dd06e846eb439687_JaffaCakes118
Size

30KB
MD5

5a9759f8b5d3db57dd06e846eb439687
SHA1

c024385978f62066b07ee1a22e1bcef2d6b370f0
SHA256

33b4d7a11ed51a325423056d7e98c5053921ca28f480b6e2d89d1598a31ddef3
SHA512

4f638f5255ff7fa6c29d18e7fe2042bc8346cafd3f13fe60c1e8f952b91a80826dc267c958a8f5c6851e2d48ac0d7cba3d608e3f334af1983aa556b7878c5457
SSDEEP

384:V+fztUmT/aKi/yr3VpMUqmK5MFMy0TTwmgvy61o3l8Qx:wxP/mqb9K5W5viGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a9759f8b5d3db57dd06e846eb439687_JaffaCakes118

Files

5a9759f8b5d3db57dd06e846eb439687_JaffaCakes118
.dll windows:4 windows x86 arch:x86

def7101716e7fdc2a9cc3e2ae8251883

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
FreeConsole
GetCurrentThreadId
RaiseException
SetLastError
LocalAlloc
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
InterlockedExchange
CreateEventA
SetEvent
WaitForSingleObject
CloseHandle

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor

msvcrt

_strrev
??1type_info@@UAE@XZ
_beginthreadex
wcstombs
strncpy
_except_handler3
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z

Exports

Exports

ServiceMain
aaaaaa
bbbbbbbbbbb

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

def7101716e7fdc2a9cc3e2ae8251883

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB