fc6708ee4fadef05377d4dd0eb46bd3f_JaffaCakes118

General

Target

fc6708ee4fadef05377d4dd0eb46bd3f_JaffaCakes118
Size

46KB
MD5

fc6708ee4fadef05377d4dd0eb46bd3f
SHA1

33afcaca7e5e05885758cfc6d5c3de8579a1c4a8
SHA256

8f61c25a403fbbc53e67e437d445f334e566400521652a68f1729b9fd999a487
SHA512

fd5bf4d050faddf2549d1b972900b17a598dd8724b30998c928b5309c8a7fd63257118642a680dd134f0a3961d55df440c4f395f9ed6ba0a8ae0fa374d2710bb
SSDEEP

768:oJyFgbeXBnxvepKv2woo1w+WDd5SywqnoNm:rRnEpKv2wo63Ad4+o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc6708ee4fadef05377d4dd0eb46bd3f_JaffaCakes118

Files

fc6708ee4fadef05377d4dd0eb46bd3f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

937da777c92b6450894bcf704e03765d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32Next
MoveFileExA
lstrcatA
GetTempPathA
DeleteFileA
Sleep
WinExec
GetShortPathNameA
OpenProcess
Process32First
CreateFileA
lstrcpynA
GetSystemDirectoryA
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
Module32Next
lstrcmpiA
Module32First
FindResourceA
LoadResource
LockResource
SizeofResource
WriteFile
FreeResource
CloseHandle
GetModuleHandleA
GetProcAddress
GlobalAlloc
GetLastError
LoadLibraryExA
GlobalFree
FreeLibrary
DeviceIoControl
CreateToolhelp32Snapshot
GetStringTypeA
RtlUnwind
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeW

advapi32

AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
StartServiceA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

testall

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

937da777c92b6450894bcf704e03765d

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

psapi

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB