de9b8804c1f2f2932e45397448e3020e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de9b8804c1f2f2932e45397448e3020e_JaffaCakes118
Size

2.3MB
MD5

de9b8804c1f2f2932e45397448e3020e
SHA1

527124e4cd9444b43d9152f8ce5f2bff87d4a4cd
SHA256

1bc554d6955feb73f547b44bb4c1fc4d87b5eb1654554d74823f5fa19cb35a5e
SHA512

93384c289cc2821a5cd665c480b0263d0abee6abf529df62269167623e254bee1ff3b16bb42f3c3a18d89330aed5af434ad14133431b38c12126d0ec1809d472
SSDEEP

49152:Uy3TfUEWWRQgWB8Kdb8tELqc97B/bngimy1Vl:/3Tf2YYQt3c97B/bgimyZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de9b8804c1f2f2932e45397448e3020e_JaffaCakes118

Files

de9b8804c1f2f2932e45397448e3020e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d2a3a7dbec0ea8e2e1996a154d719f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
VirtualProtect
GetProfileStringW
GetModuleHandleW
GetStartupInfoW

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
QueryServiceStatus
OpenThreadToken
OpenServiceW
OpenSCManagerW
LookupPrivilegeValueW
CreateServiceW
ControlService
SetServiceStatus
SetEntriesInAclW
RegisterServiceCtrlHandlerW
RegSetValueExW
RegEnumKeyW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
OpenProcessToken
FreeSid
AllocateAndInitializeSid

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

ws2_32

gethostbyname
sendto
socket
getsockname
shutdown
gethostname
setsockopt
htons
recv
send
recvfrom
htonl
getservbyname

wtsapi32

WTSOpenServerW
WTSCloseServer

msvcrt

free
_onexit
__dllonexit
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
_exit
fopen
fseek
fread
fclose
strncmp
time
_except_handler3
__set_app_type
__p__fmode
fwrite
fputs
exit
malloc
__p__commode

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d2a3a7dbec0ea8e2e1996a154d719f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

ws2_32

wtsapi32

msvcrt

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 384KB - Virtual size: 382KB

.data Size: 272KB - Virtual size: 1.5MB

.tls Size: 4KB - Virtual size: 40B

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 384KB - Virtual size: 382KB

.data
Size: 272KB - Virtual size: 1.5MB

.tls
Size: 4KB - Virtual size: 40B

.rsrc
Size: 12KB - Virtual size: 10KB