28e3bc3cad51acfe2ab48c06d1451ee5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28e3bc3cad51acfe2ab48c06d1451ee5_JaffaCakes118
Size

24KB
MD5

28e3bc3cad51acfe2ab48c06d1451ee5
SHA1

29ee4e970715a0ab132703540090d52a82aec28a
SHA256

cf35951d01305e8fe525a8b33d2d1c310757bcd196d107327006537406f005ef
SHA512

8f2ec7ac30cff84781cdc3664a5fb9cb856847b2f9940bfd5b0bb40b7b7e46db3b341683837fc4307af36d0d19180bd0e0f1405fbf6ae132f43145e62cb5fb80
SSDEEP

384:hSo4dqLTHkARpG3F6GQouBBQARQk4E/SmMx84:KqLTH3s6dBBQARQkVSTX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e3bc3cad51acfe2ab48c06d1451ee5_JaffaCakes118

Files

28e3bc3cad51acfe2ab48c06d1451ee5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

77ce9c2be7316a6dfcb830c33a405b34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
CloseHandle
VirtualProtect
GetModuleFileNameA
CreateThread
Sleep
ExitProcess
GetCurrentDirectoryA
lstrlenA

user32

CallNextHookEx
SetTimer
KillTimer
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

ws2_32

gethostname

msvcrt

memset
_adjust_fdiv
malloc
_initterm
free
fclose
fread
fputs
fopen
strcat
exit
memcmp
strcpy
strcmp
strlen
memcpy
strrchr

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ