8b20db98eafcacf102bbc7b4070774f3_JaffaCakes118 | Triage

Sharing

General

Target

8b20db98eafcacf102bbc7b4070774f3_JaffaCakes118
Size

19KB
MD5

8b20db98eafcacf102bbc7b4070774f3
SHA1

a3331cf4fc4fcfe1de81fbb42be43792f77f86d7
SHA256

811f5fa10630b97dd4069bb236410383cf7a22b4091fe4ccb5978cc3f29964a3
SHA512

70326ffb97ccade4103e927a344bbb353a5bca19c5724eaf9b1cd9502e8bcfc16fac48cd9725f5927552d3459c30ac583df7019103e7a8f9869ec62b901bfc76
SSDEEP

192:k56S4GvUwvI45fO3lGDd7YQAu8n0WoFluBBQ6PRQkXsO318ti6YjoJNWIvO:kxvUwvIsOsFAAnuBBQARQkD56MwNL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b20db98eafcacf102bbc7b4070774f3_JaffaCakes118

Files

8b20db98eafcacf102bbc7b4070774f3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4bc155fdf836ace93ed01ee8889b560f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
RtlZeroMemory
strcpy
memcmp
memcpy

kernel32

VirtualFree
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualQueryEx
CloseHandle
CreateFileA
CreateThread
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
Sleep
TerminateProcess
VirtualAlloc
VirtualProtectEx

user32

KillTimer
SetTimer
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
GetWindowTextA
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
CallNextHookEx
CallWindowProcA
EnumWindows

ws2_32

send
gethostname

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ