2f28e7f48c83ee2de7b1ccc92cd7e4c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f28e7f48c83ee2de7b1ccc92cd7e4c4_JaffaCakes118
Size

14KB
MD5

2f28e7f48c83ee2de7b1ccc92cd7e4c4
SHA1

84a2211652508cbc07b3548aa0f007af199c8c79
SHA256

8e094a1d2a11cd85cefdc22c5f0d5000b3f098b3910f7bf5e014ce70e4ad6ead
SHA512

010ec6b3f16e64229c604a541a13fa9e00d814e12029893cca03a22a87a7e1d24fade576aa7c1cda38ec96905dbd2e50e97996ab9c1d4626b759866eda92b2af
SSDEEP

192:ICc9duJTW0JSQMJc1X5f5MqPffyhPuBBQ6PRQk2l8qZTIKe:Ix9ws0UQIyXpSqPnwuBBQARQk+8ae

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f28e7f48c83ee2de7b1ccc92cd7e4c4_JaffaCakes118

Files

2f28e7f48c83ee2de7b1ccc92cd7e4c4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cad1224c3b81dcac1bd13824addefb8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname

ntdll

strlen
memcpy
memcmp
strstr
RtlZeroMemory

kernel32

ReadFile
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileStringA
EnterCriticalSection
WritePrivateProfileStringA
GetCommandLineA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
DeleteCriticalSection
VirtualProtectEx
lstrcatA
lstrlenA
CreateThread
LeaveCriticalSection

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ