84a15f870d804c2dd5e41922391adbf7_JaffaCakes118

General

Target

84a15f870d804c2dd5e41922391adbf7_JaffaCakes118
Size

20KB
MD5

84a15f870d804c2dd5e41922391adbf7
SHA1

519a9d398c1d23f4ff2c6f8cdee1dbacdc6ffef8
SHA256

9697ba9b8d1ceaf73e962336a33bd5bc6f001b7b280dec092cc253c8b1407319
SHA512

93226ce8cd7c2b31aa19ee725c606d3d981ebc3dc5dc499e1d4fd58796e481b019abc11e535472c6b08742eed2aa7d32cc636d7e8c5e19cea924e2f5dfcb8582
SSDEEP

384:j2L4PNGNlxOAjlvqQfVCRLgFulyTcCjJMxlZVXPB5x:jxYlqQoRLeTvexJB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84a15f870d804c2dd5e41922391adbf7_JaffaCakes118

Files

84a15f870d804c2dd5e41922391adbf7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6175c456895f44c3d7ee31869348df2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControls

advapi32

RegCreateKeyExA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA

user32

SetWindowTextA
SetTimer
SetDlgItemInt
SendMessageA
MessageBoxA
GetWindowThreadProcessId
GetWindowTextLengthA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
FindWindowA
ExitWindowsEx
DialogBoxParamA
wsprintfA
IsDlgButtonChecked

kernel32

lstrlenA
lstrcatA
WriteProcessMemory
WriteFile
VirtualAllocEx
Sleep
RtlZeroMemory
OpenProcess
GetWindowsDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetLastError
CloseHandle
CopyFileA
CreateFileA
CreateRemoteThread
ExitProcess
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess

wsock32

WSAAsyncSelect
WSAStartup
accept
bind
closesocket
htons
listen
recv
send
socket

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6175c456895f44c3d7ee31869348df2e

Headers

File Characteristics

Imports

comctl32

advapi32

user32

kernel32

wsock32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 69KB

.rsrc Size: 11KB - Virtual size: 29KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 69KB

.rsrc
Size: 11KB - Virtual size: 29KB