5f7a55a7bba8f3aba768738a53d1e821_JaffaCakes118

General

Target

5f7a55a7bba8f3aba768738a53d1e821_JaffaCakes118
Size

64KB
MD5

5f7a55a7bba8f3aba768738a53d1e821
SHA1

bbcec78503fbaedc277832962948069df7010b13
SHA256

676773eb8213b4468cefd4eaec24a0f86fddd56d93e5b90959801cfd03fff17c
SHA512

e78ba8328c19ad1f0012081cd0ef3a2604e582e6836dbe046c531e204bbf836cc218dd7b01681f6a5b3fea2754c4406523ee31b57f3273e0866853871e7857a7
SSDEEP

768:rsT/u7DYcV9TdVSZZbra4U2GX2cjOeFinDS7UZ5rRQWs:AT/u3H9TCwqGX25G7UHrKh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f7a55a7bba8f3aba768738a53d1e821_JaffaCakes118

Files

5f7a55a7bba8f3aba768738a53d1e821_JaffaCakes118
.dll windows:5 windows x86 arch:x86

75ee7a0cdd366d4eebf5e6e5faa3c2c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32Next
DeviceIoControl
CreateToolhelp32Snapshot
CloseHandle
DeleteFileA
WaitForSingleObject
CreateThread
OpenProcess
VirtualAlloc
WinExec
GetCurrentProcessId
lstrcpyA
GetLastError
CreateRemoteThread
Module32First
lstrcmpiA
VirtualAllocEx
Module32Next
WriteProcessMemory
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleA
LoadLibraryExA
lstrcatA
GetSystemDirectoryA
Sleep
WriteFile
Process32First
SetFilePointer
FreeLibrary
CreateFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
TerminateProcess
IsDebuggerPresent

advapi32

OpenSCManagerA
StartServiceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

Export1

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75ee7a0cdd366d4eebf5e6e5faa3c2c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

psapi

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 34KB - Virtual size: 34KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 34KB - Virtual size: 34KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 2KB