d184629d0db7b62282889bff61f77ebb_JaffaCakes118 | Triage

Sharing

General

Target

d184629d0db7b62282889bff61f77ebb_JaffaCakes118
Size

21KB
MD5

d184629d0db7b62282889bff61f77ebb
SHA1

261dc53d716d28317751b0e589e9aef491186b26
SHA256

c3042afa2b8e4d109df7f9552737c79d349ec4d47e11276ca0db6ce77d997a10
SHA512

78eee510cf20b03b5bd457db64f3ee89f648b7f97917f5b073a171a4bd92ef778ef9800ac9fd5374dbf2bb2bb370000efcd984f43dd881f44629818e99c36bc7
SSDEEP

384:01wDae1gfqF3QW1dgWnmZ8xb8RHXw8nA0r04D1d97oCCyO:7eIgfq+W1dRmZ8xQnJgw97oCCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d184629d0db7b62282889bff61f77ebb_JaffaCakes118

Files

d184629d0db7b62282889bff61f77ebb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1b045d8ee7e400a185513eb450c17c6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA

wininet

InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetAttemptConnect
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcrt

wcstombs
free
time
atoi
fclose
fopen
memset
strlen
strcat
strcpy
getenv
malloc
strcmp
atol
strncpy
fgets
_itoa
fputs
strchr
strstr
fwrite
strncat
_strlwr
fgetc
system
strncmp
exit
memcpy
rand
srand
_initterm
_adjust_fdiv
_ltoa

kernel32

DisableThreadLibraryCalls
LoadLibraryA
CreateFileA
DeviceIoControl
CloseHandle
GetVersionExA
TerminateThread
WinExec
CreateThread
Sleep

Exports

Exports

ServiceMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ