bb0c2f7c39cd84a01122e5cfd205cd67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb0c2f7c39cd84a01122e5cfd205cd67_JaffaCakes118
Size

179KB
MD5

bb0c2f7c39cd84a01122e5cfd205cd67
SHA1

34fa9fe43d78c0936a50f8be42cb3b1f3b56cdb9
SHA256

bb15094f0e3452fe426d501d7e9bee52c37547badc9c237b6372ffedf5c5b9bc
SHA512

4a718f64ffe3157fd649b8a97f4137faf43aed7614f4e65d953ace816a48f0c510811d4d7d8d272d2b3f21b11c11716292df4ed5a447b163da6d9551253142de
SSDEEP

3072:ws7tqb9OqokjCg7TaOw89v3jLJynZcgjdBI4CU9H/tou6BA8o3BZT9G1Mks:vEJOqFJwcv3jtEBIxUpfoo34s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb0c2f7c39cd84a01122e5cfd205cd67_JaffaCakes118

Files

bb0c2f7c39cd84a01122e5cfd205cd67_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9fc6117fc8198898dd299cca7b57ab02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
CreateFileA
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
GetModuleFileNameA
CreateProcessA
lstrcatA
GetSystemDirectoryA
GetLastError
LoadLibraryExA
GlobalAlloc
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectA
DeviceIoControl
GetVersionExA
SetSystemTime
GetSystemTime
ExpandEnvironmentStringsW
GetFileSize
WriteFile
SizeofResource
LoadResource
FindResourceA
GlobalFree
LockResource
lstrlenW
lstrcatW
lstrcpyW
CreateFileW
lstrcpyA
GetTempPathA
GetTickCount
UnmapViewOfFile
MapViewOfFile
LocalFree
FreeLibrary
OpenProcess
GetStartupInfoA
GetCurrentProcess
lstrlenA
CreateThread
OpenEventA
CloseHandle
CreateEventA
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
lstrcmpiA
ExitThread
ExitProcess

user32

wsprintfW
wsprintfA

advapi32

OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ControlService
RegQueryValueExW
RegOpenKeyExW
DeleteService

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss1
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fc6117fc8198898dd299cca7b57ab02

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.bss1 Size: 512B - Virtual size: 24B

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.bss1
Size: 512B - Virtual size: 24B

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB