12349ae7525595a96119f54c4dec01d4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

12349ae7525595a96119f54c4dec01d4_JaffaCakes118
Size

25KB
MD5

12349ae7525595a96119f54c4dec01d4
SHA1

2fd0a42d71b21b850ff1aaff3be05792ef3ae81d
SHA256

65d1b84003b4b5a962a79fe9bb6c84bdc52598879c68077db96282efc7a4930b
SHA512

9f756921313e1614b6c923b4c1f591a9b0862a94eb658e400043f52cad969619f907c2a178a1ab6bf89cb5b3ec10ef1a19513f31da77cf0cc9bf2792457014c6
SSDEEP

384:0REJM5YfzqV8e+i+r+F+z+l+b+F+j+l+L+ECV3cCaBRL+ex7n6bpRM:RMKtucCaB3xeRM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12349ae7525595a96119f54c4dec01d4_JaffaCakes118

Files

12349ae7525595a96119f54c4dec01d4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6b3a08715fb48c85cc1faf577cb30f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA

imagehlp

ImageLoad
ImageRvaToVa
ImageUnload

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeviceIoControl
DuplicateHandle
ExitThread
FindAtomA
FreeLibrary
GetAtomNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetLastError
GetProcAddress
GetSystemDirectoryA
GetVersion
LoadLibraryA
OpenThread
ResumeThread
SetThreadPriority
Sleep
TerminateThread
Thread32First
Thread32Next
WaitForSingleObject
lstrcpynA

msvcrt

_stricmp
__dllonexit
_errno
_iob
_vsnprintf
abort
fclose
fflush
fgets
fopen
fprintf
free
fseek
malloc
rand
srand

ntdll

ZwQueryInformationProcess
ZwQueryInformationThread
ZwQuerySystemInformation
memcpy
memset
strchr
strcmp
strlen
strpbrk
strrchr

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

core_DisableBSOD@0
core_EnableBSOD@0
core_FindHooks@0
core_Free@4
core_GetCallConvs@12
core_Go@36
core_LoadDriver@0
core_Stop@0
core_UnloadDriver@0

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6b3a08715fb48c85cc1faf577cb30f2

Headers

File Characteristics

Imports

advapi32

imagehlp

kernel32

msvcrt

ntdll

version

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 30KB

.edata Size: 512B - Virtual size: 291B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 708B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 30KB

.edata
Size: 512B - Virtual size: 291B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 708B