a010c38047cc724336863ca1bfeca1bb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a010c38047cc724336863ca1bfeca1bb_JaffaCakes118
Size

15KB
MD5

a010c38047cc724336863ca1bfeca1bb
SHA1

670124931bb4463b4e38b071c2b8517ac9945d4e
SHA256

346d8cccbfa84d6bd3a9ecc4af844b0f632dc1acf25781483f26555aba894288
SHA512

dd32a6e1cc9d3689a3b4c0927a113ec7deedc35dc73614ef6ca65bfa15a0a9a55ffe7aca5d4d9fbe45666660e159ea45ff1cace2b111b3e8c0b6c89abc10fec6
SSDEEP

192:sqJ08+hGhZVNdTQMZhVe11utlgmtpMaQuBBQ6PRQk6eTKPr+IEXOi:nZPvV3QihM147MaQuBBQARQkLKPanOi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a010c38047cc724336863ca1bfeca1bb_JaffaCakes118

Files

a010c38047cc724336863ca1bfeca1bb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b29f44f13ff25083e23c25aabdbb27b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
IsBadReadPtr
GetPrivateProfileStringA
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
Sleep
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrlenA
ReadFile
VirtualProtectEx
lstrcatA
LeaveCriticalSection

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ