ServiceMain
Sample
2a466db885ec9b26d6a3918f635eb787_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target: 2a466db885ec9b26d6a3918f635eb787_JaffaCakes118
Size: 30KB
MD5: 2a466db885ec9b26d6a3918f635eb787
SHA1: d05d3c960341203a19c05ab8b8d82d3b844c770f
SHA256: a29192661aa9ef8987638c361edea32c1107aec187b13f7ac0c9b91e538a2a32
SHA512: 4f411f36bf1ac93de0e57dc4e0981c643c958fa4f30d9dd2b0db0a82338e9c9c5fa758574e6abd74703e7d2e8d7ed0ef3094e3cfc60b3db8a131a88edb6bba35
SSDEEP: 768:0lE+AQqQQEWLY9+HcgdHCNnoAq5M2JujnhAsQD:6E+AQqQQE19+8gEZEahAsQD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a466db885ec9b26d6a3918f635eb787_JaffaCakes118
Files
2a466db885ec9b26d6a3918f635eb787_JaffaCakes118.exe windows:4 windows x86 arch:x86
9af4d5402dc98b40341fe3734fd5183f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
SetCommMask
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetOverlappedResult
PurgeComm
ClearCommError
GetLocalTime
RaiseException
LocalAlloc
LocalFree
SetEvent
GetStdHandle
ExitProcess
ResetEvent
CreateEventA
WriteFile
DeleteCriticalSection
GetCommandLineA
SetFilePointer
ReadFile
WaitCommEvent
lstrcatA
GetEnvironmentVariableA
CloseHandle
GetExitCodeThread
WaitForMultipleObjects
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
lstrlenA
VirtualAllocEx
SetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ResumeThread
SetThreadPriority
InitializeCriticalSection
SetCommTimeouts
SetCommState
GetCommState
GetVersion
SetupComm
GetCommProperties
GetCurrentThreadId
GetCurrentProcess
FreeLibrary
lstrcmpA
ExitThread
ReadProcessMemory
GetComputerNameA
TerminateThread
RtlUnwind
OpenProcess
CreateProcessA
TerminateProcess
CreateThread
SetStdHandle
WaitForSingleObject
GetModuleFileNameA
lstrcpyA
lstrcmpiA
CopyFileA
CreateFileA
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32
DefWindowProcA
GetMessageA
TranslateMessage
KillTimer
PostQuitMessage
RegisterClassA
CreateWindowExA
SetTimer
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
SendMessageA
PostMessageA
wsprintfA
PostThreadMessageA
netapi32
Netbios
tapi32
lineDrop
lineGetDevConfig
lineGetCallStatus
lineInitialize
lineGetDevCaps
lineOpen
lineSetStatusMessages
lineShutdown
lineSetDevConfig
lineMakeCall
lineDeallocateCall
lineGetID
lineClose
wsock32
connect
WSAGetLastError
select
gethostname
gethostbyname
WSAStartup
socket
setsockopt
send
WSACleanup
inet_ntoa
closesocket
advapi32
CreateProcessAsUserA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
CloseServiceHandle
ChangeServiceConfigA
StartServiceCtrlDispatcherA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
RegCreateKeyExA
SetTokenInformation
DuplicateTokenEx
QueryServiceConfigA
Exports
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 736B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cdata Size: 1024B - Virtual size: 658B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ