8a901c447dc907687325b07110be6009_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a901c447dc907687325b07110be6009_JaffaCakes118
Size

65KB
MD5

8a901c447dc907687325b07110be6009
SHA1

78f240d0f402b833cf47f281f2cf61137b6f088f
SHA256

f88b76b9308e3d95b0071ea965fca155ecebe9e07e97d599e13fc2763ed2d0c1
SHA512

5657f00d1a2bf1aaef5ea63e18c6d336acfa172374c384cedaca549e8dd521dda0413e3719bd7852df1e0e4282e86bfb7e3568d342e43f2dbf15b582c0eec97f
SSDEEP

768:Nus1PulSwzRsKwdVthDU45D//ZUUtU9A2zOYWY8b6puXt5DYfX4QlieJlSkFLekR:P1d7XZrU9A2yYnEskQweGkJekIOBril

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a901c447dc907687325b07110be6009_JaffaCakes118

Files

8a901c447dc907687325b07110be6009_JaffaCakes118
.dll windows:5 windows x86 arch:x86

86aa0d1baa549db4bca10aad36c0c265

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
GetTickCount
CreateRemoteThread
WriteFile
GetVolumeInformationA
LoadLibraryW
Sleep
CopyFileW
SizeofResource
ReadFile
GetModuleFileNameW
CreateFileW
lstrcmpW
CreateProcessW
GetTempPathW
GetLastError
GetProcAddress
VirtualAlloc
LocalAlloc
LockResource
lstrcatW
CreateMutexA
VirtualProtect
CloseHandle
DeleteFileW
LocalFree
lstrcpyW
CreateThread
LoadResource
FindResourceW
FreeResource
SetFilePointer
GetEnvironmentVariableW
GetComputerNameA
GetCommandLineW
lstrlenW
ExitProcess

user32

wsprintfW
wsprintfA

advapi32

GetUserNameA
EqualSid
GetTokenInformation
RegCreateKeyW
OpenProcessToken
RegCloseKey
RegSetValueExW
AllocateAndInitializeSid

shell32

CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

ntdll

memset
memcpy
_wcsicmp
_chkstk
NtAllocateVirtualMemory
NtQuerySystemInformation
NtWriteVirtualMemory
NtOpenProcess

Exports

Exports

Co
ServiceMain
SvchostPushServiceGlobals
WLEventStartup

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86aa0d1baa549db4bca10aad36c0c265

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ntdll

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 8B

.rsrc Size: 54KB - Virtual size: 54KB

.reloc Size: 1024B - Virtual size: 568B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 8B

.rsrc
Size: 54KB - Virtual size: 54KB

.reloc
Size: 1024B - Virtual size: 568B