db9bb328fabf42babc6b5f26995245ef_JaffaCakes118

General

Target

db9bb328fabf42babc6b5f26995245ef_JaffaCakes118
Size

75KB
MD5

db9bb328fabf42babc6b5f26995245ef
SHA1

4130020bda78e2dc7903a646e5fb5d2d651ca324
SHA256

4fd51fd7375b7d4b30ac9cd77dd3a9f3ceac9003b00af03cd4fd95de7ff06bb9
SHA512

71981d0a11b201471af8b767b82dba8ada3fe16cee624744e9cbd92209106d66bce6185ee717b484971b373a397ba2a872ccff00df379e8c90830816191e729b
SSDEEP

1536:NMpF85qwd04hNd7nsHL/R5OM91kDCNtadSZqel:NMkfaw7slcMjhISZqa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db9bb328fabf42babc6b5f26995245ef_JaffaCakes118

Files

db9bb328fabf42babc6b5f26995245ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a0232866b45e3ae9f46aeaad41aa5c68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
LocalAlloc
GetLastError
FileTimeToLocalFileTime
LocalFree
InterlockedDecrement
GetVersionExA
DeleteCriticalSection
DisableThreadLibraryCalls
CreateEventA
SetEvent
GetCurrentThread
CloseHandle
GlobalAlloc
SetLastError
EnterCriticalSection
LeaveCriticalSection
GlobalFree
VirtualProtect
GetCommandLineA
InterlockedIncrement

advapi32

ControlService
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
EnumDependentServicesA
CloseServiceHandle
StartServiceA
RegOpenKeyExA
AccessCheck
OpenThreadToken
SetThreadToken
RegQueryValueExA
CryptAcquireContextA

ole32

CoSetProxyBlanket
CoGetCallContext
CoUninitialize
CoCreateFreeThreadedMarshaler

msvcr71

memmove
__dllonexit
__CppXcptFilter
_adjust_fdiv
_except_handler3
wcschr
wcslen
_wcsupr
wcsstr
wcscpy
_onexit
_wcsnicmp
_wcsicmp
free
_initterm
malloc

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0232866b45e3ae9f46aeaad41aa5c68

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msvcr71

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 33KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 33KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB