11627456b31553836f8a1f71ac6f2b72_JaffaCakes118

General

Target

11627456b31553836f8a1f71ac6f2b72_JaffaCakes118
Size

155KB
MD5

11627456b31553836f8a1f71ac6f2b72
SHA1

389bcbcc17fe697a3ae5faa42d4cb386c0799593
SHA256

e8b0f6b5a93b3ee3d7d358f830e992cd26df5737f85630bcbc1e095abc46c67f
SHA512

dc895525ee440f2eaa762a59942c77bebf369255fd983cc8e0575afcaf49b65df399046bf1cbb117fdc9efdb88f54a325a258af4b38e82cb1760750186123ce1
SSDEEP

3072:beKe0RwngH6LrxwMvwYSu44JqTFEYUJHBlUf7Ty2UzyBJn2qfF/gS:Gmsgav6MLx9OmjH+Xnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11627456b31553836f8a1f71ac6f2b72_JaffaCakes118

Files

11627456b31553836f8a1f71ac6f2b72_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff97da682ce5745528108836ae182b49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceStatus
OpenServiceA
ControlService
CloseServiceHandle
StartServiceA

rtutils

TraceRegisterExA
TracePutsExA
TraceDeregisterA
TraceDeregisterExA
TracePrintfExA
TracePrintfA
TraceDumpExA

ws2_32

WSARecvFrom

ntdll

RtlNtStatusToDosError
NtOpenFile
NtImpersonateThread
NtClose
NtDeviceIoControlFile
RtlAllocateHeap
NtWaitForSingleObject
RtlUnwind
RtlFreeHeap
NtCreateFile
wcsstr
NtAllocateVirtualMemory
wcsncpy

kernel32

GetOverlappedResult
InitializeCriticalSection
DeviceIoControl
GetCurrentProcess
DeleteCriticalSection
SetLastError
CreateEventA
ResetEvent
EnterCriticalSection
BindIoCompletionCallback
InterlockedIncrement
SetEvent
GetLastError
GetConsoleCP
InterlockedDecrement
lstrcpyW
GetQueuedCompletionStatus
Beep
SleepEx
Sleep
GetConsoleOutputCP
WaitForSingleObject
GlobalAlloc

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff97da682ce5745528108836ae182b49

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

rtutils

ws2_32

ntdll

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 1KB - Virtual size: 360KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 1KB - Virtual size: 360KB