85dc78a832d7ce3c94b8a26763179fd4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85dc78a832d7ce3c94b8a26763179fd4_JaffaCakes118
Size

39KB
MD5

85dc78a832d7ce3c94b8a26763179fd4
SHA1

85a76e888e7cac5081fcf4898c5b4cba54f62fb4
SHA256

9549780c229928c86b1e76fbf1c0af2760168b04691b30b144f0caccc8316e9d
SHA512

692ca284d69c4775832818206531cc820784144797a5899a13a68f2e71df4514dde914d4623177ae150e49155d46ccf5e2e5e2dc227b5f23835a1d60756e9365
SSDEEP

384:E6YFH7w4XwVbADx8GSjhM0YtBg/Xi8r+0qujhfn:Eh64XWCeGqhutK/Xi8JXv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85dc78a832d7ce3c94b8a26763179fd4_JaffaCakes118

Files

85dc78a832d7ce3c94b8a26763179fd4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

842eb073363389da7948d9d9efefc612

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
Sleep
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
DisableThreadLibraryCalls
CreateThread
FreeLibraryAndExitThread
ExitProcess
CreateProcessA
FreeLibrary
GetStartupInfoA
WaitForSingleObject
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
MultiByteToWideChar
lstrcmpA
GetVersion
DeviceIoControl
GetCurrentProcessId
lstrcpyA
lstrcatA
lstrlenA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA

user32

wsprintfA
CharUpperA

advapi32

StartServiceA
OpenServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegCloseKey
DeleteService
OpenSCManagerA
ControlService

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetSetOptionA

ws2_32

inet_addr
WSAStartup
inet_ntoa
gethostbyname

shlwapi

SHDeleteKeyA

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free
_except_handler3
fopen
fseek
fread
fclose
strstr
strchr
atoi
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr

Exports

Exports

Init
ServiceMain

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

haoz
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

haoc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

842eb073363389da7948d9d9efefc612

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ws2_32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 1KB

haoz Size: 512B - Virtual size: 512B

haoc Size: 512B - Virtual size: 512B

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 1KB

haoz
Size: 512B - Virtual size: 512B

haoc
Size: 512B - Virtual size: 512B