831d9194b01d451192ee56fc152e5aaf_JaffaCakes118

General

Target

831d9194b01d451192ee56fc152e5aaf_JaffaCakes118
Size

26KB
MD5

831d9194b01d451192ee56fc152e5aaf
SHA1

0e45cd7116cf057c859834ab60153eea0f8d4c2b
SHA256

05212ebd8902f5371df6fbcaa5c689fc74ea0d7f343fb423e64ca9150c7dd7f7
SHA512

0146ab1742ac2dd22cbc535e60d94af453355bb896caa93318384eed696ff96e3981d0589db62d84e890d48fe168d0e53863ac9eb667a33d9d023fee9359fdb5
SSDEEP

768:y5T46/xZZhLvC6IWaXfHXRTXyBqL2b3mzb:y5TLhLvjaX/XRXwqa2/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
831d9194b01d451192ee56fc152e5aaf_JaffaCakes118

Files

831d9194b01d451192ee56fc152e5aaf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e894759babccabf532c11d571ccc6517

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\buildsystem\node\spamkiller_li10150_6338266044928.build\build\win32\release\MskSrver.pdb

Imports

kernel32

SetCurrentDirectoryW
GetModuleFileNameW
HeapAlloc
IsBadReadPtr
Sleep
lstrlenW
FreeLibrary
IsBadCodePtr
GetProcessHeap
HeapFree
GetCommandLineW
ExitProcess
CreateEventW
CreateThread
GetProcAddress
WaitForSingleObject
SetEvent
LoadLibraryExW
OpenMutexW
GetLastError
CreateMutexW
CloseHandle
LoadLibraryW
WaitForMultipleObjects
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TerminateProcess
GetCurrentProcess
IsDebuggerPresent

advapi32

RegisterServiceCtrlHandlerW
CreateServiceW
ChangeServiceConfig2W
RegQueryValueExW
StartServiceCtrlDispatcherW
SetServiceStatus
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e894759babccabf532c11d571ccc6517

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 844B

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 844B

.rsrc
Size: 11KB - Virtual size: 10KB