eb251ad0ed94820208c71f6f62987adb_JaffaCakes118

General

Target

eb251ad0ed94820208c71f6f62987adb_JaffaCakes118
Size

8KB
MD5

eb251ad0ed94820208c71f6f62987adb
SHA1

562657a08623fd5c595b6df7692560536d4383f4
SHA256

4162c3b4864c3ae5cb288d99b791689d030a9e6912618589906ecdbfba95393d
SHA512

8d0fb1603244207f88c2c7c4584c4ae20c4f98ad531c4df38e8901a5e4c745f6715e9d46d191028daa05129b3eec56be5f9f645b32e06816812b57caccff50d8
SSDEEP

96:PIEU5h41F8fdCnwenXdBslpOC7eFHu4EW31mVaWwihkP:zU5YOgnhNClIC7eFORWsVaWF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb251ad0ed94820208c71f6f62987adb_JaffaCakes118

Files

eb251ad0ed94820208c71f6f62987adb_JaffaCakes118
.dll windows:1 windows x86 arch:x86

5838a64a1074203e168124201f83e999

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
FreeLibrary
GetEnvironmentStringsA
GetLastError
GetProcAddress
GetSystemDirectoryA
CloseHandle
LoadLibraryA
CopyFileA
MoveFileExA
RtlUnwind
RtlZeroMemory
WaitForSingleObject
CreateMutexA
CreateThread

advapi32

RegisterServiceCtrlHandlerExA
SetServiceStatus
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

crtdll

_fdopen
_makepath
_open_osfhandle
_sleep
fclose
_cexit
malloc
raise
setbuf

Exports

Exports

CTFStart
HandlerEx
ServiceMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 448B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 372B - Virtual size: 372B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 148B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5838a64a1074203e168124201f83e999

Headers

File Characteristics

Imports

kernel32

advapi32

crtdll

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 1KB

.data Size: 448B - Virtual size: 448B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 976B - Virtual size: 976B

.reloc Size: 372B - Virtual size: 372B

.edata Size: 148B - Virtual size: 148B

.text
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 1KB

.data
Size: 448B - Virtual size: 448B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 976B - Virtual size: 976B

.reloc
Size: 372B - Virtual size: 372B

.edata
Size: 148B - Virtual size: 148B