1327f1bfad327620ab055bb3bcbb2538_JaffaCakes118

General

Target

1327f1bfad327620ab055bb3bcbb2538_JaffaCakes118
Size

14KB
MD5

1327f1bfad327620ab055bb3bcbb2538
SHA1

431812d6270b0b3edbe55401522d37f6f574bae7
SHA256

019ca1a885167b6c813c0041bb06079199386b1bfdb6a4153fbbce045f4d7d59
SHA512

6d1aecd3880f41a38744901994d997432f63a350b886e9e031a0cfedaee3a308e5ca11d9c1fd95a06c1354952a27f3a53fba6bc9acd5458f2b54bf94d0925667
SSDEEP

192:RvwC7CgBuAvxyMxWR3fQJZLvcmhJq90wINzsCQ+gV9kBolYvo9cP6IrI6cJ:17pBuuymWR3fQJZoVkRQz/lYPP6EI6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1327f1bfad327620ab055bb3bcbb2538_JaffaCakes118

Files

1327f1bfad327620ab055bb3bcbb2538_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6097e63baf70025d4377ac83b9ea2464

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

shutdown
listen
ntohs
accept
WSAStartup
WSACleanup
WSASocketA
setsockopt
sendto
inet_addr
select
__WSAFDIsSet
inet_ntoa
getsockname
gethostbyname
connect
send
recv
socket
htons
bind
WSAGetLastError
closesocket

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

kernel32

CreateEventA
InitializeCriticalSection
WaitForSingleObject
lstrcmpiA
DeleteCriticalSection
CreateThread
GlobalFree
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
Sleep
GlobalAlloc
GetProcessHeap
HeapAlloc
lstrcatA
lstrlenA
CloseHandle
CreateProcessA
GetTempPathA
GetTempFileNameA
LeaveCriticalSection
lstrcpyA
EnterCriticalSection
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcpynA
GetLastError
SetEvent
HeapFree
WriteFile
CreateFileA

advapi32

RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
SetServiceStatus

Exports

Exports

ServiceMain
Service_Ctrl

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6097e63baf70025d4377ac83b9ea2464

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 640B

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 640B

.reloc
Size: 1024B - Virtual size: 1004B