ea1a4bc265a1ddea45835c4174b68165_JaffaCakes118 | Triage

Sharing

General

Target

ea1a4bc265a1ddea45835c4174b68165_JaffaCakes118
Size

24KB
MD5

ea1a4bc265a1ddea45835c4174b68165
SHA1

2f26ed01a821cbbcdab7ef1fe98c5c8df2899b6e
SHA256

eca8b36812420f1cfc31644ac354568d5386d8124934d34e0a4a6c0b6bfab744
SHA512

48e02a5243e69eee8aff0777afb85de5989e6ceebaea545959f97764a6046bb68da80bc65b15ade7c97073ec51702f51178c79013613faf6f3061c1250efdfda
SSDEEP

384:0gKzLfBgwhuBBQARQk4QVi8dPxlkCHcm:XKzLfOBBQARQkNi8VgCF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea1a4bc265a1ddea45835c4174b68165_JaffaCakes118

Files

ea1a4bc265a1ddea45835c4174b68165_JaffaCakes118
.dll windows:4 windows x86 arch:x86

76fa5638a55bb60d0f06508145c02cc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CloseHandle
Sleep
GetModuleFileNameA
CreateThread
VirtualProtect
ExitProcess
GetCurrentDirectoryA
lstrlenA

user32

UnhookWindowsHookEx
SetTimer
wsprintfA
CallNextHookEx
SetWindowsHookExA
KillTimer

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

ws2_32

gethostname

msvcrt

_adjust_fdiv
malloc
fclose
fread
fputs
fopen
strcat
exit
memcmp
strcpy
memset
strlen
strrchr
memcpy
strstr
strcmp
free
_initterm

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ