17cf87eadfb62f55ff2f13c670e13375_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17cf87eadfb62f55ff2f13c670e13375_JaffaCakes118
Size

14KB
MD5

17cf87eadfb62f55ff2f13c670e13375
SHA1

3933b1c433b2ad3e4ac37bb86412b5b284ab1cb2
SHA256

082a998a91cd1ea2d276c6adb522df18eb02ab865c8c8de080b1db94f6f482e8
SHA512

f511cbfc23eb9eb956e6554c48f1546d119a340e679abfe83cfab0693cd2921c674e0715c6aa64da88c44c0c03568f03dc57bd6c216951b27f2ded317397e1c1
SSDEEP

192:9lUunf7VWV4ff1w9mYqilw1liZuBBQ6PRQkLzA7ZS2zhIHW:Yun8V4bbiu1yuBBQARQky82I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17cf87eadfb62f55ff2f13c670e13375_JaffaCakes118

Files

17cf87eadfb62f55ff2f13c670e13375_JaffaCakes118
.dll windows:4 windows x86 arch:x86

36656686eedeeb0a49ef9fdfc8129909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

lstrcatA
lstrcmpiA
WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
Sleep
GetSystemDirectoryA
lstrcmpA
CreateThread
lstrcpynA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
GetPrivateProfileStringA
lstrlenA
ExitProcess
GetPrivateProfileIntA
lstrcpyA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ