fa32cf4cd8d4732e9bc15cec8d3002e4_JaffaCakes118 | Triage

Sharing

General

Target

fa32cf4cd8d4732e9bc15cec8d3002e4_JaffaCakes118
Size

28KB
MD5

fa32cf4cd8d4732e9bc15cec8d3002e4
SHA1

68168a9647087d5871b027f6d121267f53bef90f
SHA256

e05ae4a4abe9a52f049d5a2ff640078ec3cdcbc171f4bfa6d5c138a5f7240d6b
SHA512

156c206da9936ed4632651304844b7749952fa69c4e9fe595d1eb39e8c9c1e5d78556ade57953e4bccefbc079edb4b9a73dc4b4ae1862e3d7dcd1e787e87bed8
SSDEEP

384:+VNztchUCHetUpVT2Y9QQFuBBQARQkuNxPztBG3E5aISf:2DCHegT2Y+QYBBQARQk8xPzwE57Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa32cf4cd8d4732e9bc15cec8d3002e4_JaffaCakes118

Files

fa32cf4cd8d4732e9bc15cec8d3002e4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b038dbb3ac8f66c4a1aa9d53dbdedfa6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
WriteProcessMemory
WaitForSingleObject
MultiByteToWideChar
GetCurrentDirectoryA
ReadProcessMemory
GetProcAddress
LoadLibraryA
CreateEventA
lstrlenA
Sleep
WideCharToMultiByte
lstrcatA
VirtualProtect
CloseHandle
CreateThread
GetModuleFileNameA

user32

CallNextHookEx
wsprintfA
SetTimer
KillTimer
SetWindowsHookExA
UnhookWindowsHookEx

ws2_32

gethostname
send

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

iphlpapi

GetAdaptersInfo

msvcrt

_adjust_fdiv
malloc
_initterm
free
strrchr
strcmp
fopen
fputs
fread
fclose
memcmp
strlen
memset
strcpy
strcat

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx
ruixing
ruixing2
ruixing3

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ