a2601b9989ce9cd2932568c0b5e40726_JaffaCakes118

General

Target

a2601b9989ce9cd2932568c0b5e40726_JaffaCakes118
Size

84KB
MD5

a2601b9989ce9cd2932568c0b5e40726
SHA1

c4da9a686eb01e3fd484cdb15462f9a0a9b259d4
SHA256

2f63b7ef0cdb1c5e121d35dfcbdbae0170a3e53f8735562f474a748ea07ab08d
SHA512

677b062ffe11fe142ab92b8000d03337ae5950fb492ac088330094af0e0369309e08ed84de545eaaaab365acfadadc766474df435adeef594a37605064ffb1cc
SSDEEP

1536:XNAYhJY2B76KsiP5JDh4hEDg0mFIBzv68XEDDmAe:X2YLttjJD6D9wvN0XmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2601b9989ce9cd2932568c0b5e40726_JaffaCakes118

Files

a2601b9989ce9cd2932568c0b5e40726_JaffaCakes118
.dll windows:4 windows x86 arch:x86

20bece451248870d9a7c9cad8e195c71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
ReadFile
GetLastError
SetFilePointer
GetFileSize
CreateFileA
WriteFile
WaitForMultipleObjects
DisableThreadLibraryCalls
CreateEventA
FreeConsole
SetEvent
DeleteFileA
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
CreateProcessA
CreatePipe
GetSystemDirectoryA
GetSystemTimeAsFileTime
Sleep
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
EnterCriticalSection
LeaveCriticalSection

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyExA

msvcrt

rand
free
malloc
srand
??3@YAXPAX@Z
__CxxFrameHandler
atoi
sprintf
strncmp
_snprintf
strchr
wcstombs
strncpy
??2@YAPAXI@Z
_strnicmp
printf
_vsnprintf
__dllonexit
_onexit
_initterm
_adjust_fdiv

ws2_32

ntohs
gethostbyname
gethostname
inet_addr
recv
ioctlsocket
setsockopt
select
closesocket
htons
socket
connect
WSAGetLastError
send
shutdown
WSACleanup
WSAStartup

Exports

Exports

ServiceInit
ServiceMain

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20bece451248870d9a7c9cad8e195c71

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 1KB