dafeea40ea6f3c2538a8644c54ef4d48_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dafeea40ea6f3c2538a8644c54ef4d48_JaffaCakes118
Size

9KB
MD5

dafeea40ea6f3c2538a8644c54ef4d48
SHA1

9ee0464713f3f5e50007223853070f33204c8f4d
SHA256

1b4e66ef780e79f59336e3f425b90391eb157f7e5a0e7ead63e3b718fa2d3ae7
SHA512

8748f7d1d14e972e93646baa2285a789b2c262156a0ee6a5a16ae18f839730c78213bd76e37e52e69604abe49b96027a44db56681b882c049cd8495c4fd45136
SSDEEP

192:Lrl9HVa45mm0Kqko1ti/1z0jXQ+Ab4n6W6GLBRNG:HV10pxmSB6S6W6GLj8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dafeea40ea6f3c2538a8644c54ef4d48_JaffaCakes118

Files

dafeea40ea6f3c2538a8644c54ef4d48_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c8bbe2c3a91ec01e81c7f551951cec40

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetModuleHandleA
DeviceIoControl
SetThreadPriority
CreateThread
OpenEventA
GetVersionExA
GetModuleFileNameA
GetCurrentProcessId
GetLastError
OpenProcess
CreateFileA
CloseHandle
CreateEventA

advapi32

StartServiceA
DeleteService
ControlService
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle

msvcrt

sprintf
strstr
strrchr
strlen
strcpy
_except_handler3
memcmp
strcat
memcpy
free
_initterm
malloc
_adjust_fdiv
_strupr

Exports

Exports

AntiScanproc
DllManagerReadProcess
HookVantiReadProcess
WriteVantiDllToDisk

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ