ad9a4420b4957bd3010b31410af12707_JaffaCakes118 | Triage

Sharing

General

Target

ad9a4420b4957bd3010b31410af12707_JaffaCakes118
Size

14KB
MD5

ad9a4420b4957bd3010b31410af12707
SHA1

51bae8c19a8f0c47e5e3c519e61db79b6bec4e66
SHA256

7951a7d8bb73ee7fbede372aa989e088ee7c9620118fbe3237c8c67472a32bad
SHA512

6c3fa43a2244b775c455a4b61985f8f3fa7881f0c0b1ae5fe7d1f54c0ebb0477c1101d8e54cebecd3c28819cbdcde372a0cb6865f144d2a2568daa8a0b0056d4
SSDEEP

192:7fCNDiuWdQWzZ5hfoImYsRgr2qHBuBBQ6PRQkkh3BlXl:2NDId36Iz1huBBQARQku3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad9a4420b4957bd3010b31410af12707_JaffaCakes118

Files

ad9a4420b4957bd3010b31410af12707_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6b2d4b52113bfa79b888a7bec84f465b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

ReadFile
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcmpA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
CreateThread
VirtualProtectEx
lstrcatA
lstrlenA
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ