3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118 | Triage

Sharing

General

Target

3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118
Size

14KB
MD5

3bea740cc41f5b7908aed6012f2b2971
SHA1

b5becd90b49aac1e2e564f6831a49370cbe9b7bb
SHA256

b0de8d3b90e53a9070993f5cc0cd9cdea18ee60483b279e484e04e756c624772
SHA512

cfb1a10866eda9ffd1368b12390ecd20417343dbbd2e4b8f3c91b84d6e5794dfa7973fcf3a3a043c046613d40885d2edea4f1181fe85f6b29a49bea7811998ce
SSDEEP

192:cFp/KIgWPwkEIo3UXNBM2UqWsH3UXT4PuBBQ6PRQkOgAIjm8QXt:cFlK0Pq3CBxXUEPuBBQARQkmIjmj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118

Files

3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118
.dll windows:4 windows x86 arch:x86

61c31e4c964866a7fb618870c1715d96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

VirtualProtectEx
TerminateThread
Sleep
IsBadReadPtr
GetSystemDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
CreateThread
lstrcatA
lstrlenA
WaitForSingleObject

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ