dd81515a64a5e9245ea81def0f36ffbd_JaffaCakes118 | Triage

Sharing

General

Target

dd81515a64a5e9245ea81def0f36ffbd_JaffaCakes118
Size

24KB
MD5

dd81515a64a5e9245ea81def0f36ffbd
SHA1

a66387311806d70675602d5fec4398ab7f47183e
SHA256

ec50356c6db2e0b6eb7414b0d3c20dc49742b1ea0f5143f78666534b4f1b4cb4
SHA512

1442bc74c125de0660bbfa4c8b126b3ae3a20ec017c278ecb6c1fcf6e2b0714983de289151093c54634868e21e5359d816ff0911da1aa6760bc4a2867e17cfd3
SSDEEP

192:vfoTImohsqQLwpiBlwXW6EjuBBQ6PRQkdZo1PpW3r+iSrm9qhd:XRsqgwpRXWxuBBQARQk7o1PpWqii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd81515a64a5e9245ea81def0f36ffbd_JaffaCakes118

Files

dd81515a64a5e9245ea81def0f36ffbd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

77999eed39e3de31844f8b07604e60bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
CloseHandle
GetCurrentDirectoryA
GetModuleFileNameA
CreateThread
VirtualProtect
lstrlenA
Sleep
ExitProcess

user32

PostQuitMessage
TranslateMessage
DestroyWindow
MessageBoxA
DispatchMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
wsprintfA
GetKeyboardState
MapVirtualKeyA
ToAscii
SetTimer
KillTimer
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
DefWindowProcA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

ws2_32

gethostname

msvcrt

time
srand
rand
memcpy
strcmp
free
fopen
fclose
fwrite
memset
strcpy
strrchr
memcmp
exit
_initterm
malloc
_adjust_fdiv
strcat
strlen

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ