0131b3276b5df2c41bce5637f3ec1e20_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0131b3276b5df2c41bce5637f3ec1e20_JaffaCakes118
Size

52KB
MD5

0131b3276b5df2c41bce5637f3ec1e20
SHA1

6853ee611929584b15a878c8af3dbb2847708538
SHA256

ef34100f0f5aa6ff964ee413a579bd1abc114acb084029fb34ffeb4469112fa4
SHA512

fdd1ab3f26da7d015a4165bc9781cc1a15ea1dc709e58ea0d813e9d65d5320f4717d4ef245a9fc19437f8c57d9a031ad386a023a46b80e5bcec109e5e276c3ce
SSDEEP

768:Ls3oSoAUfrkFf8C6oQA8DnDkxrZadxcAbk5LRLKZqwOMCeK:Ls3oSIfbZZDnoaTbBPOte

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0131b3276b5df2c41bce5637f3ec1e20_JaffaCakes118

Files

0131b3276b5df2c41bce5637f3ec1e20_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a38e96cce70e5315f421d88d0c15715d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord342
ord1253
ord1168
ord5621
ord1083
ord5600
ord773
ord501
ord3702
ord6383
ord5440
ord6394
ord5450
ord825
ord3318
ord535
ord541
ord5861
ord6143
ord801
ord268
ord1567
ord2393
ord354
ord5186
ord1979
ord665
ord537
ord800
ord540
ord2818
ord6662
ord4278
ord858
ord3663
ord823
ord1182

msvcrt

_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
atoi
srand
rand
_ftol
memmove
calloc
_stricmp
isdigit
free
sprintf
strlen
time
wcstombs
strcat
_EH_prolog
__CxxFrameHandler
memset
memcpy
_strnicmp

kernel32

VirtualAlloc
CreateEventA
CreateThread
SetEvent
TerminateThread
WaitForSingleObject
GetCurrentThreadId
GetTickCount
GetModuleHandleA
GetCurrentProcess
FindClose
FindFirstFileA
GetCurrentThread
DeviceIoControl
GlobalFree
GlobalAlloc
CreateFileA
CreateMutexA
GetLastError
GetVersionExA
FreeLibrary
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
CloseHandle
Sleep
GetProcAddress
LockResource
LoadLibraryA

user32

wsprintfA

advapi32

OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
SetServiceStatus
ControlService
OpenServiceA

Exports

Exports

ServiceMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sxv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a38e96cce70e5315f421d88d0c15715d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 200B

.reloc Size: 4KB - Virtual size: 4KB

.sxv Size: 4KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 200B

.reloc
Size: 4KB - Virtual size: 4KB

.sxv
Size: 4KB - Virtual size: 4KB