4beffd1798e92c39ce5194775aca747a_JaffaCakes118 | Triage

Sharing

General

Target

4beffd1798e92c39ce5194775aca747a_JaffaCakes118
Size

19KB
MD5

4beffd1798e92c39ce5194775aca747a
SHA1

0b6847be2b7741277a3632e8476f73bf6c166063
SHA256

0b909331a63afab43f61e2a0cdb7c36d63584699abb98dd28856c711ba7c1fcd
SHA512

83c30c34644d496a509c295bd6246a65a41de32d1bddf144c6d229532a16eb29b8c45d62a185d80631acf6534a74a18a431a1236ff3ebceabe6439cb378494dc
SSDEEP

384:SQZcJsri/4Fme1IOVVuBBQARQkOATO1J:SDsrYcWOVIBBQARQklT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4beffd1798e92c39ce5194775aca747a_JaffaCakes118

Files

4beffd1798e92c39ce5194775aca747a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8e435a4bfddf887862a4a9c2fbfd1f44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

GetCurrentProcessId
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
VirtualFree
VirtualAlloc
TerminateThread
Sleep
SetThreadPriority
ResumeThread
ReadProcessMemory
CloseHandle
CreateFileA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
lstrcatA
lstrlenA
CreateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
CallWindowProcA
EnumWindows
GetWindowLongA
GetWindowTextA
GetWindowThreadProcessId
KillTimer
SetTimer
SetWindowLongA
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ