ef9e7ecce5f9bdf8ef947d3fb0358aca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef9e7ecce5f9bdf8ef947d3fb0358aca_JaffaCakes118
Size

16KB
MD5

ef9e7ecce5f9bdf8ef947d3fb0358aca
SHA1

dde232b51687b0c7dea5c8db7de8c42d0f71348b
SHA256

1a6072c3fbfe3f50bf4f404d0c4637674741d39849b3ae463ef2ea6c2a573421
SHA512

dfe9388644068b3f0bdbc51fd4ff91ed8f25840553b80781d866b9e9f67956a89dc509070f10ca38bec1e751acb851c293159ed5daa4a52469a5012120d7304a
SSDEEP

192:lL9KGDSignEL8IfZZ9v4KMNNxSvVIluBBQ6PRQkJJ/tiTCJ/gu8uj:t9LDOEpNv8NuBBQARQk7ti6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef9e7ecce5f9bdf8ef947d3fb0358aca_JaffaCakes118

Files

ef9e7ecce5f9bdf8ef947d3fb0358aca_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3938b9d381eb00c515b28dbc10a0fdff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalFree
lstrlenA
lstrcatA
VirtualProtectEx
ReadFile
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
MultiByteToWideChar
LoadLibraryA
CreateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceExA
StopServiceExA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ