147cc00fcacc27a6e106169a5998ba4e_JaffaCakes118 | Triage

Sharing

General

Target

147cc00fcacc27a6e106169a5998ba4e_JaffaCakes118
Size

24KB
MD5

147cc00fcacc27a6e106169a5998ba4e
SHA1

912a123ad55be22f257b9ca6a4a19fcdd452c7d2
SHA256

bf4714382cf9efc65f86be1fbf3fc35b6f71494b52bd14d85e2d7daf60926d87
SHA512

90e15f3fd63d9c4efb7de966bcfb2e4ebe4b98ebd8cd5a44c6387dab988e075bc8553057c79367e67ee2b9504a1398d2f9aa7615de39d24f5d2eea305fc5aa02
SSDEEP

192:OJ0AnA8RNiM/puBBQ6PRQkjpMX1TKnJhDmMC:e0AAHYuBBQARQktMX1+36MC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
147cc00fcacc27a6e106169a5998ba4e_JaffaCakes118

Files

147cc00fcacc27a6e106169a5998ba4e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6095100791d6622b4cc97edb7aa36433

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
VirtualProtect
CloseHandle
GetCurrentDirectoryA
GetModuleFileNameA
CreateThread
lstrlenA
GetModuleHandleA
Sleep
ExitProcess

user32

SetTimer
MapVirtualKeyA
GetKeyboardState
wsprintfA
CallNextHookEx
KillTimer
ToAscii
UnhookWindowsHookEx
SetWindowsHookExA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostname

msvcrt

_adjust_fdiv
malloc
_initterm
free
fopen
fclose
fwrite
time
srand
strrchr
exit
strlen
strcpy
strcmp
memcpy
memset
strcat
rand

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ