2bbffd9fd2c6ddd69cf7d876e71999dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bbffd9fd2c6ddd69cf7d876e71999dc_JaffaCakes118
Size

24KB
MD5

2bbffd9fd2c6ddd69cf7d876e71999dc
SHA1

93551cc5bf410d51d6744b9b50c04e35d6c6e67c
SHA256

bde486307d1b6252efceb9bd3661c19b23c6e1c567fe52fbfa2c50483db4f6df
SHA512

a6c686437e82c37c12d08bbf49b308a666278942328d52117f222a51c3d87960f6eb0cc911637a886d6430632ac0a1d29aec35cd8fc692c85bae34be15e23e16
SSDEEP

384:wEiXFrSCQ0WFbF7ZuuBBQARQkgaqZh4a8WfMptsN0B+:fiXZ1B2F7ZZBBQARQkgx/zRfMpy0B+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bbffd9fd2c6ddd69cf7d876e71999dc_JaffaCakes118

Files

2bbffd9fd2c6ddd69cf7d876e71999dc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4bc155fdf836ace93ed01ee8889b560f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
RtlZeroMemory
strcpy
memcmp
memcpy

kernel32

VirtualFree
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualQueryEx
CloseHandle
CreateFileA
CreateThread
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
Sleep
TerminateProcess
VirtualAlloc
VirtualProtectEx

user32

KillTimer
SetTimer
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
GetWindowTextA
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
CallNextHookEx
CallWindowProcA
EnumWindows

ws2_32

send
gethostname

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ