349d1549475ef9ae975613d3d6d489e5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

349d1549475ef9ae975613d3d6d489e5_JaffaCakes118
Size

24KB
MD5

349d1549475ef9ae975613d3d6d489e5
SHA1

518a3912a06f17cd46ad43aab8ebf18195b631f0
SHA256

891eb4b64b405afc68ae97d160b48c1c75cf64e6535ff4d0fd37a7ffc2b489cf
SHA512

7e3f9d4d7ec4fe773049efa9112de2bdc0bd3ef2b63c8f692f573a4ec9a814e1e08a3687a50e802f955d3734a583a3f9629f6af847be8380930010a20ba23bb6
SSDEEP

96:Umt59eoKw0Gu2DMCGe9CZRvsQnQ6PRQ0bPJpGXrQgBqB53IhHAIrAHl1/aq3zNyZ:t9DKwtMCGe9uBBQ6PRQkBpaEL3xl1Zs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
349d1549475ef9ae975613d3d6d489e5_JaffaCakes118

Files

349d1549475ef9ae975613d3d6d489e5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fe2b2e43c6f5421b4c903763da54eca8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
lstrcatA
lstrlenA
VirtualProtect
CreateThread
CloseHandle
GetModuleFileNameA

user32

CallNextHookEx
KillTimer
SetTimer
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostname

msvcrt

_adjust_fdiv
malloc
_initterm
free
strlen
strrchr
strstr

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ