a973b3bed786d44eb546f25a43e0d5c9_JaffaCakes118

General

Target

a973b3bed786d44eb546f25a43e0d5c9_JaffaCakes118
Size

18KB
MD5

a973b3bed786d44eb546f25a43e0d5c9
SHA1

83300d4a4a43794d3ef9f8d0ff0554563f7d35a8
SHA256

64f397ef578e9b118bd4de4fc4b13459fab7df43ef6d3c3c692dfd60433caede
SHA512

40bb155eeaa6d447be71f3996b2e2c1a58e42284aaacd013ed885de17d292f25d7354ef51c5c343cab29c452b932dc36c9bcebdc619c4d7ec409cc4c32acd6fb
SSDEEP

384:KeWxltNYd2RfTcivfE5/pAzjBAAG6XCpTiDMXuxJ4c0wePFB:KnN22bcgfgNpT4cttB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a973b3bed786d44eb546f25a43e0d5c9_JaffaCakes118

Files

a973b3bed786d44eb546f25a43e0d5c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5753ab19aee4779b043d5f9d9aaf2842

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetStartupInfoA
GetTempPathA
GetThreadContext
HeapAlloc
HeapFree
MoveFileA
OpenEventA
OpenProcess
Process32First
Process32Next
ReadFile
ResumeThread
GetProcAddress
SetFileAttributesA
SetFilePointer
SetThreadContext
Sleep
VirtualAllocEx
WaitForMultipleObjects
WaitForSingleObject
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileSize
GetCurrentThreadId
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateProcessA
CreateFileA
CreateEventA
CreateDirectoryA
SetEvent
CloseHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegCreateKeyA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
ControlService
CloseServiceHandle
AdjustTokenPrivileges
RegSetValueExA

Exports

Exports

proc1

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5753ab19aee4779b043d5f9d9aaf2842

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 804B

.reloc Size: 512B - Virtual size: 312B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 312B