ceb00f86523298f20eeb1c30decf90d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ceb00f86523298f20eeb1c30decf90d7_JaffaCakes118
Size

47KB
MD5

ceb00f86523298f20eeb1c30decf90d7
SHA1

843c92918ec80767404866c54a6df090e78c9196
SHA256

20c07c6da62e5667339e691da0269e249bc300a1743f2f2468d0a4b039fc3125
SHA512

7a46f0d325804f6f55de49f381e83faa90a33ed5c0a8344e1dd48b6c87acab17c858b2b7ab9abbc698f171430e50ffb937e1a75a6d9161114184071f5cdf33fb
SSDEEP

768:aFI0AS8zEpx4KNlKeYz9AwE9JaPYu0swzSqjzDJGY40LYEZxVl6:9vSNTtYzqwfPYuIGuIYRsgc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ServiceEx.exe

Files

ceb00f86523298f20eeb1c30decf90d7_JaffaCakes118
.zip
ServiceEx.exe
.exe windows:4 windows x86 arch:x86

cdb365222e43544257960df3142cce43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetACP
LoadLibraryA
CreateFileA
InterlockedExchange
FlushFileBuffers
HeapSize
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
SetEndOfFile
LocalFree
GetExitCodeProcess
RegisterWaitForSingleObject
CreateProcessA
TerminateProcess
GetPrivateProfileStringA
GetTickCount
Sleep
GetFileAttributesA
GetModuleFileNameA
GetLastError
CloseHandle
FormatMessageA
RtlUnwind
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcess
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
ReadFile

user32

MessageBoxA

advapi32

RegisterServiceCtrlHandlerExA
SetServiceStatus
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegCloseKey
QueryServiceStatus
ControlService
StartServiceA
OpenServiceA
CreateServiceA
CloseServiceHandle
DeleteService
RegisterEventSourceA
ReportEventA
DeregisterEventSource
StartServiceCtrlDispatcherA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ServiceEx.ini.sample

Sharing

General

Malware Config

Signatures

Files

cdb365222e43544257960df3142cce43

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 60KB - Virtual size: 56KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 60KB - Virtual size: 56KB