fb4531134be91181b430c2b92f38ee00_JaffaCakes118

General

Target

fb4531134be91181b430c2b92f38ee00_JaffaCakes118
Size

11KB
MD5

fb4531134be91181b430c2b92f38ee00
SHA1

3563839a87d5138fa799b50f2a0423284f412ce3
SHA256

6cca09c3d09b5c4be1a36c8fd589c42655e43be4680a53d78014290b0bd97f43
SHA512

5ae51b0e74586309fd0c5253cc73c61c6f354c2167a3b4e0fa355665ec1d40f3ba9e83feb77445d03e59ef67b95f2cd13112d04a7ab73740565dddc559b18aa4
SSDEEP

192:mpyk8Tysg16J1EyGf0SfaTHmzZZt/uT8gyhfSCfA9uvpJ2l4XRw:mxNsg16J1qaTHOZZt/uTCYH9+pESX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb4531134be91181b430c2b92f38ee00_JaffaCakes118

Files

fb4531134be91181b430c2b92f38ee00_JaffaCakes118
.dll windows:4 windows x86 arch:x86

25df73fe2c38accb04335747d6a8cec8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord540
ord860
ord941
ord356
ord3319
ord287
ord6139
ord2770
ord610
ord668
ord2781
ord4058
ord3178
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
__CxxFrameHandler
sprintf
fopen
memmove
atoi
fseek
fread
fclose
strncpy
strtok
free
_strlwr

kernel32

Process32Next
OpenProcess
CreatePipe
Process32First
CreateProcessA
ReadFile
CloseHandle
CreateToolhelp32Snapshot
GetDriveTypeA
GetLogicalDrives
WinExec
DeleteFileA
WriteFile
GetStartupInfoA
TerminateProcess
GetCurrentProcessId
GetLastError
FormatMessageA
LocalFree
CreateFileMappingA
MapViewOfFile
GetFileSize
UnmapViewOfFile
CreateThread
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
Sleep
lstrlenA
CreateFileA

user32

ExitWindowsEx

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

ws2_32

shutdown
recv
send
connect
inet_addr
closesocket
socket
inet_ntoa
gethostbyname
WSAStartup
gethostname
WSAGetLastError
htons

Exports

Exports

ServiceMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25df73fe2c38accb04335747d6a8cec8

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 692B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 692B