2becb7827d2c066bb84bc7095b60118d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2becb7827d2c066bb84bc7095b60118d_JaffaCakes118
Size

19KB
MD5

2becb7827d2c066bb84bc7095b60118d
SHA1

929f679ec41722edb64a460455e3ff3108e29ed1
SHA256

985ed7a3c7b58a1402b44d7b2c1df2a8a727b58e6bc73ad66b19c50285d792fc
SHA512

dddf8d1076df7ded779c7b7a2ab4d232ecf9265fb80da5797e743873dc8567d1595f9654405fea79bcb58083952358bc82a8dd301429447efb10d84a23a290c0
SSDEEP

384:mTfhTJgJtCef7uu3EF6GduBBQARQkYUmQ:mLNwX+F6GQBBQARQkYH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2becb7827d2c066bb84bc7095b60118d_JaffaCakes118

Files

2becb7827d2c066bb84bc7095b60118d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4bc155fdf836ace93ed01ee8889b560f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
RtlZeroMemory
strcpy
memcmp
memcpy

kernel32

VirtualFree
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualQueryEx
CloseHandle
CreateFileA
CreateThread
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
Sleep
TerminateProcess
VirtualAlloc
VirtualProtectEx

user32

KillTimer
SetTimer
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
GetWindowTextA
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
CallNextHookEx
CallWindowProcA
EnumWindows

ws2_32

send
gethostname

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ