62677cc0f68b44be4a7ecc679172e3d0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62677cc0f68b44be4a7ecc679172e3d0_JaffaCakes118
Size

24KB
MD5

62677cc0f68b44be4a7ecc679172e3d0
SHA1

156984c541ba552e713f985c7a766ad641e9ac92
SHA256

7d207dd41927915b8834bfc9dac0710fb3b30f12fdd4b661143640ec77bce43d
SHA512

11ac74d249da05f6a08709d93c3d943008785f7395767c9268e3836adb98cef7d103b18179f51f9565f28069e0d344bf4e1ae2667a132a737d8ec1ae457d1305
SSDEEP

384:IH+Le31rAn5e1CFSTQuBBQARQkxUYC2qgvg:tLe3lAngXHBBQARQkPC2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62677cc0f68b44be4a7ecc679172e3d0_JaffaCakes118

Files

62677cc0f68b44be4a7ecc679172e3d0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5ea5517a1672b68f686437aca4798769

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
WriteProcessMemory
WaitForSingleObject
MultiByteToWideChar
GetCurrentDirectoryA
ReadProcessMemory
GetProcAddress
LoadLibraryA
CreateEventA
lstrlenA
Sleep
WideCharToMultiByte
lstrcatA
GetPrivateProfileStringA
VirtualProtect
CloseHandle
CreateThread
GetModuleFileNameA

user32

wsprintfA
SetTimer
KillTimer
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

ws2_32

gethostname
send

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

msvcrt

strcat
strcpy
memset
strlen
memcmp
fclose
fread
fputs
fopen
strcmp
strrchr
free
_initterm
malloc
_adjust_fdiv

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StATYU
StOAYU
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ