f9b9cd903e579273fd9a098493e3752a_JaffaCakes118

General

Target

f9b9cd903e579273fd9a098493e3752a_JaffaCakes118
Size

32KB
MD5

f9b9cd903e579273fd9a098493e3752a
SHA1

6f50d567e0d789caf49b31b8493b5c6b3524cd5d
SHA256

26e63254a85bff3f2ccd994c29ce249f32c5fc8d32a031f67578f8032af5ca85
SHA512

39151ad42138955f9ab1fea4163a370937250388bc1b64eeda2ad23ed80532d7568eacf4e0bec67ee6443b18b6549ceac8c386ba543287b35b3aed2a0db7520c
SSDEEP

384:rq7jEFDwalb4jF2aNEkVTkCED3JyKlN+xmk:W7jEFDl1UD6kNXED3JyKlIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9b9cd903e579273fd9a098493e3752a_JaffaCakes118

Files

f9b9cd903e579273fd9a098493e3752a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dbf2b405fb69d00c26df8532b108c67e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetStartupInfoA
GetSystemDirectoryA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
FreeConsole
TerminateThread
WaitForSingleObject
FreeLibrary
DeleteFileA
WriteFile
CreateFileA
GetTempPathA
ReadFile
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
SetEvent
CloseHandle
GetModuleFileNameA
LoadLibraryA
GetProcAddress
CreateMutexA
CreateThread
Sleep
CreateEventA

advapi32

InitializeSecurityDescriptor
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl

urlmon

URLDownloadToFileA

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

msvcrt

strncpy
_adjust_fdiv
malloc
_initterm
free
sprintf
strrchr
wcstombs
_stricmp
strncmp

Exports

Exports

ServiceMain
SvchostPushServiceGlobals
TestCheckStatus
TestRunning

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbf2b405fb69d00c26df8532b108c67e

Headers

File Characteristics

Imports

kernel32

advapi32

urlmon

wininet

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 526B

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 526B