ServiceMain
Static task: static1
Behavioral task: behavioral1
Sample: efac376eaa3977941b90a7247517f1db_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: efac376eaa3977941b90a7247517f1db_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: efac376eaa3977941b90a7247517f1db_JaffaCakes118
Size: 7KB
MD5: efac376eaa3977941b90a7247517f1db
SHA1: 8b7a8753d6955fa4be69208729fd276a378e039e
SHA256: c84500fd95ccbe4084daf001ff73d1939b230aba2d87756872eea6c2c5693a4b
SHA512: 9d5ba1a57041bc4862a83918a468d795e14ad40cd9c21b91e33f2b691a5de65c1a6b789f7cdf67b56f2c8ddf72572b6869dc88a07c95d0c068a389d0e1b954e7
SSDEEP: 192:Z18QSLql1i8Wn3PnTyMHPe1//rIz9u+f:T8zLql1i8Wn3PnOMHPe1/muq
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource efac376eaa3977941b90a7247517f1db_JaffaCakes118
Files
efac376eaa3977941b90a7247517f1db_JaffaCakes118.dll windows:4 windows x86 arch:x86
7081035cf8191e2aebcf1084a0955cc9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetSystemDirectoryA
GetVersionExA
CreatePipe
CreateProcessA
ReadFile
PeekNamedPipe
CreateThread
CloseHandle
WriteFile
Sleep
advapi32
SetServiceStatus
RegisterServiceCtrlHandlerA
ws2_32
recv
send
gethostname
gethostbyname
inet_ntoa
WSAStartup
socket
htons
inet_addr
connect
closesocket
setsockopt
msvcrt
_adjust_fdiv
_strlwr
malloc
_initterm
free
strncmp
Exports
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 813B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 402B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ