2ff1f3df16f0f73758a2bd2991ce1aed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ff1f3df16f0f73758a2bd2991ce1aed_JaffaCakes118
Size

14KB
MD5

2ff1f3df16f0f73758a2bd2991ce1aed
SHA1

677ccaf4120d9a5173ea0e77761b47d6e4557ef3
SHA256

eb8e4f726b387e86dd9438ab87f6b90af68665cd5cfa392aba6c9eaad3bf139e
SHA512

bb9e15ef5cc5734ce788e805bddd159c6b572f475c201f83cab8e4f248e0f0abaa565dd133a8a7dd6d4b1374b9c236cff324fae1118a56be0d593a936ebf5640
SSDEEP

192:qyL1cGWnWaQMCvqaWwHnJIa4JuBBQ6PRQkzHc3l9Kux:t1enzQ9qyCaUuBBQARQkzc3Oux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ff1f3df16f0f73758a2bd2991ce1aed_JaffaCakes118

Files

2ff1f3df16f0f73758a2bd2991ce1aed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

765a2379c789606e0c420aa0bc95ee60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

LoadLibraryA
EnterCriticalSection
DeleteCriticalSection
CreateThread
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
Sleep
LeaveCriticalSection
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcatA
ReadFile
VirtualProtectEx
InitializeCriticalSection

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ