dd393f5b7b35a3aaf6af0c997f3c7ecb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dd393f5b7b35a3aaf6af0c997f3c7ecb_JaffaCakes118
Size

44KB
MD5

dd393f5b7b35a3aaf6af0c997f3c7ecb
SHA1

a6431c9e7b03b96e979e2cdbbcfd282bbf9e574e
SHA256

5515e4d7a30c611984f6128fb7d1b56e940fc4a1e6b8dca664d8b08375cfa75d
SHA512

371e99cee85f635d41028bc7de1d81e2d9778670f7f46c161289039ec95d225bb25a968599e0c978e9ea1ce91b1e7ae41cf0fcf8d7d90253266afa91d17a1e3e
SSDEEP

768:AU5n1c6XaPjuahDM05TKy5dI3HzEz6BO0wOOPczyZFFsMCLjspGGGVGGG5aszvC:X3IjfTKyTjz6QcOPc+dYXspGGGVGGG5E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd393f5b7b35a3aaf6af0c997f3c7ecb_JaffaCakes118

Files

dd393f5b7b35a3aaf6af0c997f3c7ecb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b1e66220da3bd22266f01e52cb802f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
Sleep
lstrcpyA
CreateThread
FreeConsole
CreateFileA
GetModuleFileNameA
SetLastError
OutputDebugStringA
GetStdHandle
lstrcmpA
WriteFile
DeleteFileA
WinExec
CreateToolhelp32Snapshot
Process32First
lstrcatA
Process32Next
lstrlenA
GetLastError
CloseHandle
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
SetHandleCount
GetFileType
GetStartupInfoA
HeapAlloc
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer

advapi32

RegQueryValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyExA

ws2_32

WSAStartup
htons
inet_addr
gethostbyname
socket
connect
gethostname
send
recv
shutdown
closesocket
WSACleanup

Exports

Exports

InstallService
RundllInstallA
ServiceMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1e66220da3bd22266f01e52cb802f14

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB