17fc0662fc109492f28b8ddc7ddce461_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17fc0662fc109492f28b8ddc7ddce461_JaffaCakes118
Size

16KB
MD5

17fc0662fc109492f28b8ddc7ddce461
SHA1

05f561b76221f10a303dd988516dc849467a9b71
SHA256

493b8a4aaa192c3adb54d82b7991306def3585bbcdf848293414b57deee7ac6b
SHA512

120188daaf824b46d6128870138a3e2f22c57f8f909557dd29432c9cfb3980304989f995071c801fb019784196109faa487411b94a4b3a967a458d3dff8f7379
SSDEEP

384:KZ/XwTJMrtEOdN3zyk7GuBBQARQkLvaMqJJz:KZvQTOdMk9BBQARQkW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17fc0662fc109492f28b8ddc7ddce461_JaffaCakes118

Files

17fc0662fc109492f28b8ddc7ddce461_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0080d1062b64769398227d1024ff78f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_strupr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

LoadLibraryA
GetSystemDirectoryA
GetPrivateProfileStringA
CreateThread
lstrlenA
WritePrivateProfileStringA
IsBadReadPtr
ExitProcess
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcatA
ReadFile
VirtualProtectEx
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ