b854ebdda1731e539668f097096afee4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b854ebdda1731e539668f097096afee4_JaffaCakes118
Size

81KB
MD5

b854ebdda1731e539668f097096afee4
SHA1

ac62e7cd7360759caa278d2706122ed654f315e1
SHA256

0f3a65c5d7e36e79497f7f333f493897e0438ef6144de1c1844bb9e99999fdda
SHA512

4e6c0a5910589b4c5544e65d9e8a66a28d90ad88e310aa895bcfb117460d1a35b8a88c7a29b4740fce5065735435ed4672b607b49ca693bb7dd3f60f8b59925f
SSDEEP

1536:Fn0DDXsuJKlVNgPXFHSL26vt3okBfeCZhjlqcpT0A4U:F0D7suJxW26vt3b5eGJF0A4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b854ebdda1731e539668f097096afee4_JaffaCakes118

Files

b854ebdda1731e539668f097096afee4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0da4a9cee8bcdc35d4322c477f1c77e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
FindResourceA
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetTickCount
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadFile
GetFileSize
SetFileTime
GetFileTime
LoadResource
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
CreateProcessA
CreatePipe
TerminateThread
FreeLibraryAndExitThread
MoveFileExA
WinExec
LeaveCriticalSection
EnterCriticalSection
CreateEventA
FreeConsole
SetEvent
LockResource
SizeofResource
CreateFileA
SetFilePointer
WriteFile
FlushFileBuffers
CreateThread
Sleep
OpenProcess
GetSystemDirectoryA
DeleteFileA
GetModuleFileNameA
GetLastError
CloseHandle
CopyFileA

advapi32

OpenProcessToken
RegisterServiceCtrlHandlerA
SetServiceStatus
GetTokenInformation
LookupAccountSidA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

rand
srand
strchr
strncpy
sprintf
strncmp
strstr
atoi
free
malloc
system
__CxxFrameHandler
??3@YAXPAX@Z
_snprintf
_except_handler3
wcstombs
__dllonexit
_onexit
_initterm
_adjust_fdiv
_stricmp
_strnicmp

ws2_32

htonl
htons
setsockopt
socket
ioctlsocket
select
closesocket
shutdown
connect
recv
send
inet_ntoa
inet_addr
gethostbyname
WSACleanup
WSAStartup
WSAGetLastError

Exports

Exports

NwQueryStatus
ServiceMain

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0da4a9cee8bcdc35d4322c477f1c77e1

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 77KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 77KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 1KB - Virtual size: 1KB