07d40dcca36b2c13716e672f655ae187_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07d40dcca36b2c13716e672f655ae187_JaffaCakes118
Size

24KB
MD5

07d40dcca36b2c13716e672f655ae187
SHA1

5d54b0dfed7dba79f98a2a8d7d6e3cbd4eb8309e
SHA256

211d945a082b15c63ebf92190ea65ec05ad9258c5599b7331f4fb2d042610c4d
SHA512

d45c3f5db11e99fc7b968ff606a44c79b47d14f660118043034d3b2a8faf6b5addb414df7f917883cc4a48793dceab53e159fc46b606433a45ce495f7e3cc225
SSDEEP

192:OjeaQOdWi9ROgeUeqrqiNd3a9uBBQ6PRQkbYa2qBICC2+E5WMcgdcTXwqU:8mKLaiq9uBBQARQk5xNClE5WMcMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07d40dcca36b2c13716e672f655ae187_JaffaCakes118

Files

07d40dcca36b2c13716e672f655ae187_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7f3f0ea68ae9939d18fd917537f0dcc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
ExitProcess
Sleep
VirtualProtect
CreateThread
IsBadReadPtr
lstrcatA
CloseHandle
GetModuleFileNameA

user32

SetTimer
wsprintfA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA

ws2_32

gethostname

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

msvcrt

_adjust_fdiv
malloc
_initterm
free
strcmp
strrchr
strlen
memset
strcpy
strcat
memcmp
exit

ntdll

_strlwr
_itoa

Exports

Exports

SUNHACK1
SUNHACK3
ServiceRouteEx
StartServiceEx
StopServiceEx
UNHACK6

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ