c1feaf368d5a59ba6ad0c033d402d726_JaffaCakes118

General

Target

c1feaf368d5a59ba6ad0c033d402d726_JaffaCakes118
Size

36KB
MD5

c1feaf368d5a59ba6ad0c033d402d726
SHA1

5aebc625aab4816a78a64f867606267e500c8adf
SHA256

f75346a466ebba4fd7a540a80fa8e842f3869c614473338ef1a3a2c53fb278e9
SHA512

d3dda301fe5349cf23546cc8f9ff0beb1cfb6e2f969d068581e6ae41308cc3c26a12b2b3650bea593127521609fb2dd62a5c22f38009eae454ffa961feeba198
SSDEEP

768:BCV3kZQcRngGzNRguIBkwunC+QTs0i42ImpkSsG:B7ZQMOu2xOOs0ipkSF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1feaf368d5a59ba6ad0c033d402d726_JaffaCakes118

Files

c1feaf368d5a59ba6ad0c033d402d726_JaffaCakes118
.exe windows:5 windows x86 arch:x86

950161e1a0c99ba87020ef4293a2329a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\VC5\release\ews.pdb

Imports

ntdll

RtlDosPathNameToNtPathName_U
ZwDuplicateObject
RtlCreateUserThread
RtlExitUserThread
ZwGetContextThread
ZwWaitForSingleObject
ZwDelayExecution
ZwOpenProcessToken
ZwSetContextThread
ZwResumeThread
RtlFreeUnicodeString
ZwOpenProcess
ZwCreateKey
RtlIpv4AddressToStringA
sprintf
ZwQuerySystemInformation
LdrFindEntryForAddress
wcsrchr
ZwQueryValueKey
ZwSetSecurityObject
ZwOpenKey
ZwSetInformationFile
RtlInitUnicodeString
ZwOpenFile
ZwClose
ZwCreateFile
LdrAccessResource
ZwQueryDirectoryFile
ZwSetValueKey
RtlGetFullPathName_U
swprintf
RtlGetCurrentPeb
RtlAdjustPrivilege
ZwQueryInformationToken
LdrFindResource_U
ZwWriteVirtualMemory
ZwWriteFile
memcpy

kernel32

GetSystemTimeAsFileTime
ExitProcess
GetTickCount

advapi32

OpenServiceW
CreateServiceW
DeleteService
ControlService
OpenSCManagerW
CloseServiceHandle
StartServiceW

ws2_32

WSAStartup
send
closesocket
WSASocketW
connect
WSACleanup

dnsapi

DnsQuery_A
DnsFree

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

950161e1a0c99ba87020ef4293a2329a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

dnsapi

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 205B

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 205B

.rsrc
Size: 27KB - Virtual size: 27KB