380bceb531005cf6d5c0dff6e80c28f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

380bceb531005cf6d5c0dff6e80c28f2_JaffaCakes118
Size

24KB
MD5

380bceb531005cf6d5c0dff6e80c28f2
SHA1

975bfffb8241e7e6cc65947df7709afc6a2be31d
SHA256

d5a6143e823d6ce70e049db4d1b3a7d9e9cdd5c854341e16686e8c3990ee2aa4
SHA512

c476eb934fc1e7f9160aa32ccfd765352c4d047799809e6a6e4795cd902208ba118c6822bbdaee0a1ef243c669e10f2bc0c9ffa08988e308aed0e3f11b0acc98
SSDEEP

192:+Wsfi2vQYT8zC/0HJuBBQ6PRQkJb5Mj2b7jaQF:9PiQCMpuBBQARQkXMjG7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
380bceb531005cf6d5c0dff6e80c28f2_JaffaCakes118

Files

380bceb531005cf6d5c0dff6e80c28f2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

186b0da335c5f6bd2a10d2ccdd614eb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
lstrlenA
Sleep
lstrcatA
GetPrivateProfileIntA
VirtualProtect
CloseHandle
CreateThread
GetModuleFileNameA

user32

SetWindowsHookExA
wsprintfA
SetTimer
KillTimer
CallNextHookEx
UnhookWindowsHookEx

ws2_32

gethostname

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

msvcrt

_adjust_fdiv
malloc
_initterm
free
strrchr
strcmp
strlen
memset
strcpy
strcat

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ