24c586cbcb3361f0476a7cf6300070a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24c586cbcb3361f0476a7cf6300070a4_JaffaCakes118
Size

24KB
MD5

24c586cbcb3361f0476a7cf6300070a4
SHA1

39f1968a949efb4cffdad6f930955717732a53f9
SHA256

eee43017ecfacccff18a9b6060ca555ca727ac18710b0f472a066efee1dee0a2
SHA512

1e3c1b4a96bbd7656d7ec4fb5ebacfe452c6aa4c8a2aac87de90af1ee5f3019e82506329d3954473ec2b838ea71cb5c630cb55cf91921690b8b4c9e21075f9ae
SSDEEP

192:g/XZ2HCUfbYJpjuBBQ6PRQkA8t4TJ40KosLdXsLk:g/p2HixuBBQARQkLt4T2gsZcw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24c586cbcb3361f0476a7cf6300070a4_JaffaCakes118

Files

24c586cbcb3361f0476a7cf6300070a4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

df91559360794997d9b697657fb5eb6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CloseHandle
VirtualProtect
GetModuleFileNameA
CreateThread
Sleep
ExitProcess
GetCurrentDirectoryA
lstrlenA

user32

CallNextHookEx
SetWindowsHookExA
SetTimer
KillTimer
UnhookWindowsHookEx
wsprintfA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

iphlpapi

GetAdaptersInfo

msvcrt

memset
_adjust_fdiv
malloc
_initterm
free
fclose
fread
fputs
fopen
strcat
exit
memcmp
strcpy
strcmp
strlen
memcpy
strrchr

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ