1670cf325b6c000440a797beda64324a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1670cf325b6c000440a797beda64324a_JaffaCakes118
Size

16KB
MD5

1670cf325b6c000440a797beda64324a
SHA1

f56c25da36514e23536e873187e730c5d7898b13
SHA256

6d4c065d8641bd9cf969dd5a14ca7e92eac02b69f88e5923da4afb6d5edf7026
SHA512

807c97a819060a36934b280fdacdbd40ce86916656636687ce6604a34726be28d4f70c262a7e886f0e9795e019de473e90802c2f7008a8d51b631cd7b9dea8d6
SSDEEP

192:22JVtGYSZOOv4MRR+q4qGKN6KF0YTONduBBQ6PRQk6Kiz7MF7T:RVwYjUaq4NHuBBQARQktiz7s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1670cf325b6c000440a797beda64324a_JaffaCakes118

Files

1670cf325b6c000440a797beda64324a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bb6d3cee41e4db28bd69e479140e5b8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalAlloc
lstrlenA
lstrcatA
VirtualProtectEx
ReadFile
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalFree
CreateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ