5c281e7ed48cf7e0aca8dedcb43a531d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c281e7ed48cf7e0aca8dedcb43a531d_JaffaCakes118
Size

16KB
MD5

5c281e7ed48cf7e0aca8dedcb43a531d
SHA1

f59da8c795bb4380d9a791a62c6ff74ee13e92bd
SHA256

efcd3650292f9982216e82b77105e60c93b011c0a72ddb0fd61d5c13a15db3b5
SHA512

2eeccbf456a4d56dac8492a71e4bb618b1db180959b431966bef86cb936c6db85e201cda7f91f5ac1b9b20aa8582a1ce4876e200c10206a8c44f0f24b349b29e
SSDEEP

192:XRtZGj+JaFLPkgiO3bemMaWL5UQ5mutv5uBBQ6PRQknjxIinkD6:BtUj+J61b8hL5UQ9uBBQARQkjxIik

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c281e7ed48cf7e0aca8dedcb43a531d_JaffaCakes118

Files

5c281e7ed48cf7e0aca8dedcb43a531d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2d0c9cbfc79862af0735dd1e9f3a8a9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalFree
CreateThread
lstrlenA
lstrcatA
VirtualProtectEx
lstrcmpA
OutputDebugStringA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
ReadFile
LoadLibraryA
IsBadReadPtr

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ