5bf144803210994845f0e62939fa60d6_JaffaCakes118

General

Target

5bf144803210994845f0e62939fa60d6_JaffaCakes118
Size

16KB
MD5

5bf144803210994845f0e62939fa60d6
SHA1

6fb41d4599d84f5a576856a26128e4138a78715b
SHA256

e00ac11ed467da1e66a93bbc7b92ce050f21b8cf46b1e65dd113006b87b063ee
SHA512

9f7d3b3d1374c5309554e5d0ea313ae004b4e617ce1d74be3693b7cc95ea086658fb358bf46a900d43d674d4b0ec0ab664176bab0dae7713fc85fb7bd5214edb
SSDEEP

384:pTO2RwV4SIdAKfqS2sMoanwjgTWdQWZqs:UcwGdpfqS2sDLkebV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf144803210994845f0e62939fa60d6_JaffaCakes118

Files

5bf144803210994845f0e62939fa60d6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1a4d4ee5243decd1f5174f6295d4a541

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
_itoa
strchr
strrchr
wcscpy
wcslen
wcscat
wcsncpy
_wcsicmp
wcschr
_ultoa
wcscmp

kernel32

Sleep
GetLastError
ReadFile
CloseHandle
LocalFree
CreateMailslotW
LocalAlloc
GetTimeFormatA
GetDateFormatA
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
FreeLibrary
GetComputerNameExW
GetTimeZoneInformation
LoadLibraryExW

netapi32

NetApiBufferFree
NetMessageBufferSend
I_NetNameCanonicalize
NetApiBufferAllocate
NetpIsRemote
I_NetNameCompare

advapi32

RegCloseKey
RegQueryInfoKeyW
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegisterServiceCtrlHandlerW
SetServiceStatus

ntdll

RtlNtStatusToDosError
RtlCopySid
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlUnicodeStringToOemString
RtlxUnicodeStringToOemSize
NlsMbOemCodePageTag
RtlInitUnicodeString
RtlOemStringToUnicodeString
RtlxOemStringToUnicodeSize
RtlInitString
RtlInitAnsiString

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4d4ee5243decd1f5174f6295d4a541

Headers

File Characteristics

Imports

msvcrt

kernel32

netapi32

advapi32

ntdll

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 1024B - Virtual size: 856B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 1024B - Virtual size: 856B