bf5f9717c3f045686f86ca8ed982df57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf5f9717c3f045686f86ca8ed982df57_JaffaCakes118
Size

24KB
MD5

bf5f9717c3f045686f86ca8ed982df57
SHA1

fc79541c4589ebe347bd3096b927ca82415c597e
SHA256

fa780e8ca73c49c369d2f06ee22f6cef947d3359a1b7d6771630c188e6a3e0c2
SHA512

d1829802e9f9ecd6bd75674c9533495f236529b5fd5a6a08fe8055023f1250253519f71d30656302e78618d461fe76e8c9a6e6a19d4e6ebeb70c99ceeae07e45
SSDEEP

192:K/Xz3AkMsA6JuBBQ6PRQkA8K4TJ4tyomBT:K/D3AYJuBBQARQkLK4T25m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf5f9717c3f045686f86ca8ed982df57_JaffaCakes118

Files

bf5f9717c3f045686f86ca8ed982df57_JaffaCakes118
.dll windows:4 windows x86 arch:x86

df91559360794997d9b697657fb5eb6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CloseHandle
VirtualProtect
GetModuleFileNameA
CreateThread
Sleep
ExitProcess
GetCurrentDirectoryA
lstrlenA

user32

CallNextHookEx
SetWindowsHookExA
SetTimer
KillTimer
UnhookWindowsHookEx
wsprintfA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

iphlpapi

GetAdaptersInfo

msvcrt

memset
_adjust_fdiv
malloc
_initterm
free
fclose
fread
fputs
fopen
strcat
exit
memcmp
strcpy
strcmp
strlen
memcpy
strrchr

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ