ae9993d1fb2cb9a325443bcb8950e2f1_JaffaCakes118

General

Target

ae9993d1fb2cb9a325443bcb8950e2f1_JaffaCakes118
Size

361KB
MD5

ae9993d1fb2cb9a325443bcb8950e2f1
SHA1

03972590b552db1abb206ad4109ce47d77853f6e
SHA256

99d6a2c5e6c591af20e4d2b60f108218167457d778c837cb6f4df526b450b8cd
SHA512

ee4c377b2c8cbc754e23d5a99ec82610f61d503791026d2af8abbede6c095297ed1744c6d77393f0cb3f31c9ae330260c05fffb0a8e664d3856764133c502b94
SSDEEP

768:oI/juLWFzgDQPsB/T30rTahlGW78+Kri+t:nL4QPsB/KTa18+Kri+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae9993d1fb2cb9a325443bcb8950e2f1_JaffaCakes118

Files

ae9993d1fb2cb9a325443bcb8950e2f1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c4e920c2f8570f8f422b5f461736b07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
FindResourceA
WriteFile
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
ReleaseMutex
GetLastError
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
lstrcmpiA
FindClose
FindNextFileA
lstrcpyA
LoadResource
lstrcatA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcess
GetCurrentProcessId
CreateFileA
DeleteFileA
MoveFileExA
CopyFileA
GetModuleFileNameA
CreateMutexA
GetModuleHandleA
CloseHandle
FindFirstFileA
Sleep

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA

msvcrt

strncat
free
strstr
_beginthreadex
??2@YAPAXI@Z
memset

Exports

Exports

CoGetComCatalog
GetName
GetRPCSSInfo
ServiceMain
WhichService
_GetName@16

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c4e920c2f8570f8f422b5f461736b07

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 66KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 66KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 1KB - Virtual size: 1KB