2a9149366ad737cbfa94b0a72ae4c489_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a9149366ad737cbfa94b0a72ae4c489_JaffaCakes118
Size

36KB
MD5

2a9149366ad737cbfa94b0a72ae4c489
SHA1

f6b84eb16069c737a18c20928157cbe0a4195328
SHA256

f5193c75837689b8636fded9426e93587826a64ff84e4e54a70b6b47aa980277
SHA512

4af181b15f9a109f6e1e1a97a65c22a06026053e7097d5d29b298f53e87cd4be262a5f9ee28582b1207d56bc505bcd5c97861aaed025ab6beb205c3290019621
SSDEEP

768:mMm2XYxKTUtmPeQpLMFs6pp6umXpIqt6cZdEy+6WHZFRb7:mMzXYxKTUtmPeQpLMFs6aXpI66YdWbZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a9149366ad737cbfa94b0a72ae4c489_JaffaCakes118

Files

2a9149366ad737cbfa94b0a72ae4c489_JaffaCakes118
.dll windows:5 windows x86 arch:x86

da1482c4efcb848bb6fe486522eb1789

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Sens.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
free
wcschr
_wcsnicmp
wcscmp
wcslen
malloc

rpcrt4

RpcServerRegisterIfEx
I_RpcBindingIsClientLocal
RpcServerUseProtseqEpW
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
NdrClientCall2
NdrServerCall2

ole32

CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
StringFromIID
CoTaskMemFree
CoUninitialize

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetEvent
GetSystemPowerStatus
CreateEventW
InitializeCriticalSection
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
DeleteCriticalSection
CloseHandle
ResetEvent
GetTickCount
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
DeleteTimerQueueTimer
InterlockedExchange
CreateTimerQueueTimer
Sleep
GetLastError
QueueUserWorkItem
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrlenW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId

advapi32

RegEnumKeyExW
RegSetKeySecurity
RegDeleteValueW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
WmiNotificationRegistrationW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
RegisterServiceCtrlHandlerExW
SetServiceStatus

Exports

Exports

SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da1482c4efcb848bb6fe486522eb1789

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

ole32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB