e062413ac9cd06745edc9ef044ca49e4_JaffaCakes118

General

Target

e062413ac9cd06745edc9ef044ca49e4_JaffaCakes118
Size

50KB
MD5

e062413ac9cd06745edc9ef044ca49e4
SHA1

388254cdeb3f676aa407c7ff893908eac70f11f1
SHA256

394a880d063bcfb5e7b9a61748f27fad49561e513cc412af5fae31de9abec19e
SHA512

f74bfaaccbe06df8c2d0e93f2f9b936fd838a5574bd30a1cd35cd9d8d72b0263e86d3c20ea0463f94a88250c34740da0743bbd1732a12f3dd35cdd1a65d276d3
SSDEEP

768:pazL79pEHJiC0FhjEHinKSqYHmMrWQqEMBXD3o:0n79pEpiOCqYHmMr+to

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e062413ac9cd06745edc9ef044ca49e4_JaffaCakes118

Files

e062413ac9cd06745edc9ef044ca49e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a59398e05961408728ad16e74de5fe1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
select
WSAStartup
gethostbyname
sendto
WSACleanup
htons
socket
connect
send
closesocket
recv

advapi32

RegCreateKeyExA
DeleteService
ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCloseKey
RegSetValueExA
StartServiceCtrlDispatcherA

shfolder

SHGetFolderPathA

kernel32

GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
DeleteFileA
MultiByteToWideChar
CreateFileA
CloseHandle
CreateProcessA
ExitThread
ExitProcess
Sleep
GetTickCount
CreateThread
ReleaseMutex
CreateMutexA
lstrcmpiA
SetFileAttributesA
GetLastError
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
OpenMutexA
SetErrorMode
SetEvent
LocalFree
LocalAlloc
GetLocaleInfoA
GetVersionExA
WaitForSingleObject
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
WriteFile
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
ReadFile
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a59398e05961408728ad16e74de5fe1

Headers

File Characteristics

Imports

ws2_32

advapi32

shfolder

kernel32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 20KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 20KB