2d8b745e2a61588e0a79bb83201f6dbf_JaffaCakes118 | Triage

Sharing

General

Target

2d8b745e2a61588e0a79bb83201f6dbf_JaffaCakes118
Size

24KB
MD5

2d8b745e2a61588e0a79bb83201f6dbf
SHA1

11f77bbabe42acd47b85cb633669e888dd2cc6bc
SHA256

26bcba222058739e6a290edfba8519b7e8224810f34bfb3f557cd9ed5f76bdc3
SHA512

c8e6345f6a1cc6416be1610332d3d56e7130169ab041bd98318fdd38570f85b24216845d20bddbdbfb0c058e4eaeaf99cb500ce2f4ee124b02c8064cefde8e82
SSDEEP

192:0dSJolcY9UdzWMruIpjuBBQ6PRQkXMhMNn5WnN7i3khpIo:0dSJolazB7uBBQARQkchI5WRi3+p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d8b745e2a61588e0a79bb83201f6dbf_JaffaCakes118

Files

2d8b745e2a61588e0a79bb83201f6dbf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6cc96e89221ae5a79fbcd0eb06dabc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
lstrcatA
CloseHandle
ReadProcessMemory
GetModuleFileNameA
CreateThread
VirtualProtect
Sleep
lstrlenA
ExitProcess

user32

CreateWindowExA
ShowWindow
KillTimer
UpdateWindow
DefWindowProcA
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
wsprintfA
SetTimer
GetActiveWindow
RegisterClassA
GetMessageA

ws2_32

send

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo

msvcrt

memcmp
free
strcmp
strstr
memcpy
fopen
fclose
fwrite
strcat
memset
strcpy
strrchr
strlen
exit
_adjust_fdiv
malloc
_initterm

ntdll

_strlwr
_strupr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ