2d757905555eabe5af8203585b3f8464_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d757905555eabe5af8203585b3f8464_JaffaCakes118
Size

9KB
MD5

2d757905555eabe5af8203585b3f8464
SHA1

c8ba2d0fa0fc42a87c460d35f16e6c53fab710ff
SHA256

7b459be1e20c1dfc2dfe4613cfbefd0b4313c0d5bd98e41d9286fd8154253406
SHA512

6956bbe1e438dfb2c5617f1d441fadf536a32d34d5965ab764065cd583d40352d24596362611d94fc07ba558155864cbead412cc0ef87ff2a79b2aa673abeb80
SSDEEP

96:3RAHAda4xtzjLF3s0j7768XH3Bff+b0PTE7od105FbYqcjnVzSNaESQyaJg0oUkh:3RaYjNN6E3saoFMqWZQBWlW9bWT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d757905555eabe5af8203585b3f8464_JaffaCakes118

Files

2d757905555eabe5af8203585b3f8464_JaffaCakes118
.dll windows:4 windows x86 arch:x86

08c8c25ffcd245cd207b4afa680fb08e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
CloseHandle
CreateProcessA
GetCurrentDirectoryA
Sleep
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
DuplicateHandle
GetCurrentProcess
ExitThread
ReadFile
PeekNamedPipe
WriteFile

wininet

InternetCloseHandle
InternetOpenA
InternetGetConnectedState
InternetReadFile
InternetOpenUrlA

urlmon

URLDownloadToFileA

ws2_32

inet_addr
recv
htons
closesocket
socket
WSAStartup
send
connect

msvcrt

_adjust_fdiv
_initterm
_itoa
malloc
free
_ftol
_strnicmp
strrchr
strncat
??2@YAPAXI@Z
strstr
??3@YAXPAX@Z
strchr
atof
_beginthread
atoi

Exports

Exports

ServiceMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ