a73307420e42eccd3e985ab1ba9b5024_JaffaCakes118

General

Target

a73307420e42eccd3e985ab1ba9b5024_JaffaCakes118
Size

25KB
MD5

a73307420e42eccd3e985ab1ba9b5024
SHA1

4c5ea500655176632efc40b1440868972533c61e
SHA256

ea53517187df1b4e5a62d0258457ec773c7833e261ca86b3db6dc7efef76dac8
SHA512

8662132edc07ade249775f6f0a8e69bba34a8e4ebc09b9b8b526618ea6efcf8a2fa505ba24abd0e6805ac6c8c48295a8cdfae14dd45957867c05bd460c47b9b7
SSDEEP

384:zp56YR43ThsKyXVVNSuHFFF7RjeYctgR936Llm67slpF7FFFlry60X4a27FFFrnb:zs3lsbNPeBtgR0nsll0X4b+fX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a73307420e42eccd3e985ab1ba9b5024_JaffaCakes118

Files

a73307420e42eccd3e985ab1ba9b5024_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1dabcd5276e5ee1dab9beca4d34abaf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\programs\newtehnology\startdrv\objfre_wxp_x86\i386\StartDrv.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyW
RegOpenKeyA
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerA

kernel32

GetProcAddress
GetModuleHandleW
lstrcatW
lstrlenW
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
CloseHandle
DeviceIoControl
GetFileSize
CreateFileW
GetDiskFreeSpaceW
WriteFile
SetFilePointer
ExitProcess
GetEnvironmentVariableW
lstrcpyW
GetShortPathNameW
GetModuleFileNameW
GetTickCount
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessW
DeleteFileW
CreateFileA
lstrcmpA
GetVolumeInformationA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetVersionExW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

shell32

ShellExecuteW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dabcd5276e5ee1dab9beca4d34abaf0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

shell32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 52B

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 52B

.rsrc
Size: 17KB - Virtual size: 16KB