ac415eaf811939600c35ce20b581d405_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac415eaf811939600c35ce20b581d405_JaffaCakes118
Size

24KB
MD5

ac415eaf811939600c35ce20b581d405
SHA1

40143a08dd4d49b7e8f3f782405c852f381e9c19
SHA256

e98ca168dbc6934263a61b816c8a7cbec834edfa97507e408f9c4194985540ab
SHA512

a6eeeb4a037e014844ac21e993519855e89c2bf241f2ede945ebefb01c068b94d81c280d856c767c9c7c369b9162c2e095fee946b0d8072eccf443f596b80136
SSDEEP

192:Pr7le9krwpdjuBBQ6PRQkbZIunP/w/cJ793xBAR1:j7le9kcnuBBQARQkVISP/w/cZ9ER

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac415eaf811939600c35ce20b581d405_JaffaCakes118

Files

ac415eaf811939600c35ce20b581d405_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9a31d3fb9d1a28776f78f66d7c653590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
GetPrivateProfileStringA
CloseHandle
VirtualProtect
GetModuleFileNameA
CreateThread
Sleep
ExitProcess
GetCurrentDirectoryA
lstrlenA

user32

CallNextHookEx
SetWindowsHookExA
SetTimer
KillTimer
UnhookWindowsHookEx
wsprintfA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

ws2_32

gethostname

msvcrt

strcpy
_adjust_fdiv
malloc
_initterm
free
memset
fclose
fread
fputs
fopen
strcat
exit
memcmp
strcmp
strlen
strrchr
atoi
memcpy

ntdll

_strlwr

Exports

Exports

Service
ServiceRouteEx
StartServiceEx
StopSe
StopSe1
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ