699ef2cb318463cf40ccb43b026c008f_JaffaCakes118 | Triage

Sharing

General

Target

699ef2cb318463cf40ccb43b026c008f_JaffaCakes118
Size

406KB
MD5

699ef2cb318463cf40ccb43b026c008f
SHA1

580a3087ca9ff60bd1b103265332f9346c2c9fe1
SHA256

f39df327fe1c1bea6d7b8d9c9723d5c414e0604c9e3deb3254e4903847738e13
SHA512

394b15ee032b7c7968e3faec36b80407e368f8bf40796b7d98946ea7751bac6fe363bc394daa972ff245cadaa0fdaf594915c705801717a5c2cadee585dd1c23
SSDEEP

12288:aYwP2g5kEA+KZB/lGrKAvLCpqR6uYLQhpLnht:Y2n+KZNvY1j3Lnht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699ef2cb318463cf40ccb43b026c008f_JaffaCakes118

Files

699ef2cb318463cf40ccb43b026c008f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

65211fbc95725da46f38494f381eedc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

CreateServiceW

gdi32

BitBlt

imm32

ImmGetCompositionStringW

oleaut32

SysFreeString

psapi

GetModuleFileNameExW

shell32

SHChangeNotify

shlwapi

StrCmpIW

user32

GetKeyNameTextW

userenv

CreateEnvironmentBlock

wininet

InternetOpenW

winmm

mixerSetControlDetails

ws2_32

inet_ntoa

ole32

CoInitialize

Exports

Exports

Install
Launch
ServiceMain
UnInstall

Sections

Size: 398KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE